New group mapping and the auth subsystem

Andrew Bartlett abartlet at
Fri Nov 30 22:33:05 GMT 2001

I've been following the new group mapping work with great interest - it
it vital work I'm very pleased to see finally happen.

As such, I want to ensure it inter operates correctly with the new
Authentication subsystem, in particular, I want to ensure that Samba
deals with these credentials in the same way no matter their origin - be
they found in a PAC, the info3 struct returned from a domain logon or if
they are generated by the group mapping code within samba itself.

Currently we have part of this for the info3 groups, and I would like to
extend the other functionality in a similar way (that is: source ->
server_info -> user_struct).  

This allows us to store this information once for all future permission
check lookups. (The RPC code in particular).

This also sorts out the domain logon case, becouse you have the same
source -> server_info -> domain logon output.

SAM-backed passwords are now checked in auth/auth_sam.c and I would hope
that the new group code could be called by each auth back-end as

Does this sound sane?

Any questions?

Andrew Bartlett
Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at

More information about the samba-technical mailing list