New group mapping and the auth subsystem
abartlet at pcug.org.au
Fri Nov 30 22:33:05 GMT 2001
I've been following the new group mapping work with great interest - it
it vital work I'm very pleased to see finally happen.
As such, I want to ensure it inter operates correctly with the new
Authentication subsystem, in particular, I want to ensure that Samba
deals with these credentials in the same way no matter their origin - be
they found in a PAC, the info3 struct returned from a domain logon or if
they are generated by the group mapping code within samba itself.
Currently we have part of this for the info3 groups, and I would like to
extend the other functionality in a similar way (that is: source ->
server_info -> user_struct).
This allows us to store this information once for all future permission
check lookups. (The RPC code in particular).
This also sorts out the domain logon case, becouse you have the same
source -> server_info -> domain logon output.
SAM-backed passwords are now checked in auth/auth_sam.c and I would hope
that the new group code could be called by each auth back-end as
Does this sound sane?
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical