More proposed passdb changes: users without local unix uids.
Jeremy Allison
jra at samba.org
Tue Jan 8 10:01:08 GMT 2002
On Tue, Jan 08, 2002 at 05:12:02PM +1100, Andrew Bartlett wrote:
> Make pdb_add_sam_account() and pdb_update_sam_account() refill their
> buffers
>
> I'm looking into some various changes to the passdb code - the item of
> interest to me at the moment is finally killing off the machine trust
> accounts in /etc/passwd (but I'm looking at crazy ideas about users not
> in /etc/passwd as well).
>
> As such I've made some modifications to the smbpasswd code so that it
> can store users without an /etc/passwd entry. This is done by using the
> uids above 6000 and converting them to rids in line with existing
> practice.
>
> Of course the uid field never makes it to the SAM_ACCOUNT struct, but
> this method is backward-compatible (as far as I can tell) because the
> smbpasswd format is unchanged (unless you are a site with over 6000
> users in smbpasswd, and I highly doubt there are any, given the
> performance problems).

I'm concerned about this. The reason is that on many
sites the users are not allocated in a linear fashion.
You can't just assume that users over 6000 are "safe".
I'd resist creating users in smbpasswd that don't exist
in /etc/passwd. Please don't check this code in yet.

Jeremy.