trusted domains patch n+3
Simo Sorce
simo.sorce at xsec.it
Fri Sep 6 14:45:00 GMT 2002
On Fri, 2002-09-06 at 16:37, Rafal Szczesniak wrote:
> On Fri, Sep 06, 2002 at 04:42:53PM +0200, Simo Sorce wrote:
> > On Fri, 2002-09-06 at 15:56, Andrew Bartlett wrote:
> > > One is the username they wanted, the other is the username they got
> > > (after the username map file). Similarly for domains - if the domain
> > > they wanted is trusted, and we are not allowing trusted domains, or if
> > > the domain doesn't exist, then we replace it with our own domain.
> > >
> > > We may still need their original username/domain for authenticaion
> > > (NTLMv2 comes to mind in particular), hence why we keep both.
> >
> > What are you trying to do there?
> > Why should we replace a domain name with another???
>
> For instance, when lp_allow_trusted_domains() is set to false,
> then user's domain name should is replaced with our domain name.
> Authentication modules will then look for username in our domain's
> SAM instead querying trusted domains.
Can you explain me why we should not simply fail?
Simo.
--
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l.
via Durando 10 Ed. G - 20158 - Milano
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20020906/7acd5774/attachment.bin
More information about the samba-technical
mailing list