winbindd uid and gid range assumptions
Andrew Bartlett
abartlet at pcug.org.au
Mon May 13 15:45:03 GMT 2002
Mike Gerdts wrote:
>
> It seems as though there was an assumption that users of winbindd would
> have switched entirely to NT domain authentication or that they would
> have distinct range of UIDs/GIDs for /etc/passwd (or NIS) and NT domain.
> Is there any good reason to not just let get_id_from_sid() in
> nsswitch/winbindd_idmap.c do all the checking? It seems as though the
> optimization achieved by the multitude of checks is minimal and greatly
> reduces the chances integration possibilities between winbindd and
> traditional unix authentication.
Moving over the socket is a very expencive operation, particularly
compared to a simple if statement. Also, where we know that a uid is
local, we need to check with code that winbind isn't linked to - the
passdb backend.
But yes, we need to deal with things like getting the uid from the SFU
LDAP schema, so this may well change in the future.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list