CVS update: samba/source/auth
Andrew Bartlett
abartlet at samba.org
Tue May 13 14:42:41 GMT 2003
On Tue, 2003-05-13 at 05:11, Simo wrote:
> atm, the only thing that does not work properly are non unix accounts,
> all the rest should be fine.

My proposal is this:

We enable 'non unix accounts' by default, when the idmap range is set.
However, until winbind_passdb is implemented - and for the case where
it's implemented but not enabled - we will only allow machines to be
added this way.

Because we know the range of rids we are using is safe, and because ldap
now properly increments this counter, I no longer consider it a hack.
It has graduated to 'inspired' ;-)

Note - the idmap changes have removed all 'only unix users in passdb'
checks. A user may be in the passdb without being in /etc/passwd, and
deleting a user from passdb will not 'implicitly' delete them from the
SAM. This makes the ldap code much saner, in particular - and checking
this can be a big performance hit.

The intention is to leave a single check at login time for a valid unix
account, but to otherwise require the admin to clean up both. (The rest
of the time idmap will tell us the uid, without asking nss).

> the distributed winbindd infrastructure is in place, we only miss the
> idmap_ldap code, that's really trivial to do.

A patch for this has been posted, btw.

> the importance of idmap is to be able to add other pieces during 3.0
> releases without having upgrade problems as much as we can.

It also kills a potential performance nightmare in the old 3.0 sid->uid
code.

Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net