New approach for winbind to match Windows to UNIX users and back

[Michael Fair]

"Luke Howard" <lukeh at PADL.COM> wrote in message
news:200303140138.MAA17449 at au.padl.com...
>
> >I hadn't realized that an SID is actually 256 bits and we at
> >best only have 32 bits to work with I I was only thinking
> >about the RIDs).
>
> A SID is variable length, really.

Does it have a "usual length"  we might be able to
optimize the algorithm for that case (or perhaps use
a different algorithm).

How is the SID constructed?
I thought the SID was a concatenation of some domain
ID (up to 7 32bit IDs) and the RID from that domain...

The RID is 32bits.... Is there always an RID?  I know
that Groups like "Authenticed Users", "Power User",
"Domain Users", "Administrators", "Everybody" and probably
some others are always present and at least some of those
use some very well defined SIDs (that's about the extent
of my SID knowledge (if it's even accurate))...

Ultimately it seems that if foreign domain users and groups
are supported (and I agree that is probably the right thing
to do) then whether or not the user is part of the local
domain really doesn't help us at all... :(

-- Michael --