VFS Implementation and user authentication
Luke Kenneth Casson Leighton
lkcl at samba.org
Wed Sep 13 03:23:11 GMT 2000
> > user credentials include such things as the user profile, the username
> > under which the [now authorised] local session is to be carried out, uid,
> > gid, secondary groups, home dir, user SID, group SID, group RIDs, etc.
>
> Forgive me. I was using Kerberos terminology, wherein "credentials"
> refers to forwarded TGTs and proxied service tickets. These tickets name
> a user and ALSO provide the ticket holder the right to impersonate that
> user to other services.
the PAC in the NT5 Krb5 server contains user profile info, which needs to
be conceptually separated from the kerberos ticket itself.
> Is there a better set of words to describe this such that the user
> profile information in credentials can be separated, conceptually, while
> talking about them, from the impersonation tokens?
> I'm willing to learn new terminology, though I cringe every time if the
> new terminology does not improve existing terminology.
i am not an expert on appropriate terminology, however i know someone who
is :)
More information about the samba-technical
mailing list