status of unixsam and guest passdb backends?
Andrew Bartlett
abartlet at samba.org
Mon Mar 31 00:23:16 GMT 2003
On Mon, 2003-03-31 at 10:10, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 31 Mar 2003, Andrew Bartlett wrote:
>
> > > Unixsam was a useful hack and a bad idea. Most of what it was trying
> > > to do it couldn't really do, and will be replaced by idmap. I had
> > > wanted all rid->uid translations to go via the passdb. However, we
> > > still have to map uid->rid for 'non-existant' accounts, so the
> > > fallback code never got removed, and having unixsam just confused
> > > things (particularly when we were running winbindd too).
> > >
> > > It also broke a pile of conventions about the relationship between
> > > unix and Samba accounts, as you correctly note.
> >
> > Guestsam is in there to provide the only useful thing unixsam did -
> > ensuring that the guest account really was the guest, and had the guest
> > RID. It also helped with some Win2k behavior that assumed the presence
> > of the guest account.
>
> Could you update smb.conf(5) to this effect? Thanks.
Sure.
> Should unixsam support be removed altogether so people can't
> break their servers by listing it in the passdb backends?
Hmm... Possibly. On a system that has all authentication otherwise
redirected, it might have some value, but that's marginal. It's only
current value is in sid->name and name->sid translations.
My intention is to separate the sid->name issue into another layer, much
in the same way that the idmap is being split off. That way we can do
the simple sid->name mapping for 'unix' users, but don't commit to
having a full passdb record for them. I'll have to see how this impacts
on things like domain joins however.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030331/bb58b77a/attachment.bin
More information about the samba-technical
mailing list