Should Samba pass "DOMAIN\username" or just "username" to CUPS?

Andrew Bartlett abartlet at samba.org
Thu Dec 25 00:38:07 GMT 2003


On Tue, 2003-12-09 at 02:53, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Andrew Bartlett wrote:
> 
> | We must pass the full unix username.  This should be available by
> | reading uidtoname(current_user->uid), and may or may not have anything
> | in common with the windows username currently being supplied (username
> | map).  The other issue is that we currently pass this ivalue in as the
> | 'requesting user' even if *another* user is attempting to remove the
> | job (on the samba side).
> |
> | The Samba -> CUPS username should always be fully qualified, unless
> | 'winbind use default domain' is set, because DOM1\fred is a very
> | different user to DOM2\fred.  Stripping the name is not a solution
> | (and will therefore break really big sites).
> 
> I agree with Andrew.  The unix account name *is* DOMAIN\user.
> UNIX has no notion of domain names.  Although even with
> 'winbind use default domain', i believe that the stored
> account name should still be DOMAIN\user.  That parameter is only for
> user's convience, not for internal data structures.

The only thing I will say here is that we should supply what lpr would
supply, if a user logged in with pam_winbind etc, to a normal shell (so
as to allow for the same right to delete jobs etc).  

uidtoname(current_user->uid) should give this.  Now all I have to do is
write the patch :-)

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20031225/d9c4bbd9/attachment.bin


More information about the samba-technical mailing list