VFS Implementation and user authentication

jeremy at valinux.com jeremy at valinux.com
Thu Sep 14 05:36:55 GMT 2000

On Wed, Sep 13, 2000 at 10:16:47PM -0400, Nicolas Williams wrote:
> I meant that only MS' ActiveDirectory puts any profile info in Kerberos
> tickets, at this time. Actually, DCE does something like that as well;
> you're looking at DCE, so you could tell us the gory details ;) ;)

Actually, DCE uses a standard krb5 ticket to get what
they call (if I remember it right) a PTGT which contains
the extra information (like the MS extention it's a list
of groups - in DCE represented by UUID's, not SID's). The
O'Reilly book on DCE security is an *excellent* source of
info on this stuff.

ie. The DCE lot decided not to arbitrarily extend the krb5
standard for their own purposes and then not document it...
(see Microsoft, people *can* play nicely if they try hard :-) :-).


Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list