Explaining the new SAM
Gerald Carter
jerry at samba.org
Wed Oct 2 13:11:01 GMT 2002
On Wed, 2 Oct 2002, Andrew Bartlett wrote:
> > This seems like a lot of duplication of code and can lead to
> > "There's a bug in SAM1 but not SAM2". If the access checks
> > will always be the same, why push them into the SAM module and
> > force each write to cut-n-paste security descriptor code.
>
> Yes, I am worried about that a bit. The main issue is that I would like
> a single read from LDAP - so we don't get a race there. But we could do
> it 'after the fact', and get each module to pass up the security
> descriptor to the SAM interface layer.
Ahhh....ok I see now. But it still seems like a lot of duplicated
code.
Taking another perspective, I'm still not convinced why a security
descriptor on each SAM object is needed. What do we gain by it
at the cost of added complexity?
> > So a SAM is a passdb with ACLs. What else?
>
> Groups and policies thrown in, but it's not really meant to be that
By policies you mean "rights" like "backup files" ?
> massive. One step at a time and such things. Also a move to NTTIME in
> the interfaces, and an attempt to cope with a wider scope of problems.
What "wider scope of problems"? Without knowing what you are trying to
address, it's pretty hard to comment.
> Mostly it's a rework so we could move further forward than passdb could
> reasonably be stretched. It sounds big, but it really isn't...
cheers, jerry
---------------------------------------------------------------------
Hewlett-Packard http://www.hp.com
SAMBA Team http://www.samba.org
-- http://www.plainjoe.org
"SAMS Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2
--"I never saved anything for the swim back." Ethan Hawk in Gattaca--