Should Samba pass "DOMAIN\username" or just "username" to CUPS?
abartlet at samba.org
Thu Dec 25 00:38:07 GMT 2003
On Tue, 2003-12-09 at 02:53, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Andrew Bartlett wrote:
> | We must pass the full unix username. This should be available by
> | reading uidtoname(current_user->uid), and may or may not have anything
> | in common with the windows username currently being supplied (username
> | map). The other issue is that we currently pass this ivalue in as the
> | 'requesting user' even if *another* user is attempting to remove the
> | job (on the samba side).
> | The Samba -> CUPS username should always be fully qualified, unless
> | 'winbind use default domain' is set, because DOM1\fred is a very
> | different user to DOM2\fred. Stripping the name is not a solution
> | (and will therefore break really big sites).
> I agree with Andrew. The unix account name *is* DOMAIN\user.
> UNIX has no notion of domain names. Although even with
> 'winbind use default domain', i believe that the stored
> account name should still be DOMAIN\user. That parameter is only for
> user's convience, not for internal data structures.
The only thing I will say here is that we should supply what lpr would
supply, if a user logged in with pam_winbind etc, to a normal shell (so
as to allow for the same right to delete jobs etc).
uidtoname(current_user->uid) should give this. Now all I have to do is
write the patch :-)
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20031225/d9c4bbd9/attachment.bin
More information about the samba-technical