VFS Implementation and user authentication

Luke Kenneth Casson Leighton lkcl at samba.org
Wed Sep 13 03:23:11 GMT 2000

> > user credentials include such things as the user profile, the username
> > under which the [now authorised] local session is to be carried out, uid,
> > gid, secondary groups, home dir, user SID, group SID, group RIDs, etc.
> Forgive me. I was using Kerberos terminology, wherein "credentials"
> refers to forwarded TGTs and proxied service tickets. These tickets name
> a user and ALSO provide the ticket holder the right to impersonate that
> user to other services.

the PAC in the NT5 Krb5 server contains user profile info, which needs to
be conceptually separated from the kerberos ticket itself.

> Is there a better set of words to describe this such that the user
> profile information in credentials can be separated, conceptually, while
> talking about them, from the impersonation tokens?

> I'm willing to learn new terminology, though I cringe every time if the
> new terminology does not improve existing terminology.

i am not an expert on appropriate terminology, however i know someone who
is :)

More information about the samba-technical mailing list