No subject
Tue Dec 2 04:10:01 GMT 2003
the covers.
> > you're mixing authentication and autorisation. The authentication backend
> > has nothing to do with generating an autorisation token ! I'm working on
> > the TOKEN stuff right now.
>
> Correct, but it is intimatly involved in creating a list of member
> groups - as it is the only subsystem with direct (no extra network
> traffic) access to that information.
> But how do you (on a member server) get the list of sids that a user
> has? In particular, how do we do this if we don't have winbind?
You can't get the list of SIDs for an "arbitrary" user, they
need to have logged on via netlogon or PAC. Then we know what
SIDs they have (from the return value) and we store it in the
token.
I understand where JF is coming from....
Jeremy.
More information about the samba-technical
mailing list