Samba4: A tool to offer the GENSEC mechanism to external
programs
Andrew Bartlett
abartlet at samba.org
Mon Jul 25 23:52:27 GMT 2005
On Tue, 2005-07-26 at 01:37 +0200, Jelmer Vernooij wrote:
> On Tue, Jul 26, 2005 at 09:23:39AM +1000, Andrew Bartlett wrote about 'Re: Samba4: A tool to offer the GENSEC mechanism to external programs':
> > By putting GENSEC in a separate process, we have one place that a login-
> > time PAM call has to stash the password, and where it can be kept
> > 'secure', matching the login password cache on windows. Various
> > applications, including Wine can then call on it's services (request an
> > authentication exchange), without needing the plaintext password, and
> > without needing to try and mix the Samba and WINE codebases.
> As well as licensing issues... Of course those can be resolved, but
> they'd make the whole process more complicated.
Indeed, that was the other reason. I hate to make design decisions
based on licence 'avoidance', but as I see real software engineering
reasons to take the agent/daemon approach, it also provides what I think
could be argued as a real, legitimate boundary. (And one which looks
very much like the existing winbind pattern)
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050726/3bff208c/attachment.bin
More information about the samba-technical
mailing list