Samba4: A tool to offer the GENSEC mechanism to external programs

Andrew Bartlett abartlet at
Mon Jul 25 23:52:27 GMT 2005

On Tue, 2005-07-26 at 01:37 +0200, Jelmer Vernooij wrote:
> On Tue, Jul 26, 2005 at 09:23:39AM +1000, Andrew Bartlett wrote about 'Re: Samba4: A tool to offer the GENSEC mechanism to external programs':
> > By putting GENSEC in a separate process, we have one place that a login-
> > time PAM call has to stash the password, and where it can be kept
> > 'secure', matching the login password cache on windows.  Various
> > applications, including Wine can then call on it's services (request an
> > authentication exchange), without needing the plaintext password, and
> > without needing to try and mix the Samba and WINE codebases.
> As well as licensing issues... Of course those can be resolved, but
> they'd make the whole process more complicated.

Indeed, that was the other reason.   I hate to make design decisions
based on licence 'avoidance', but as I see real software engineering
reasons to take the agent/daemon approach, it also provides what I think
could be argued as a real, legitimate boundary.  (And one which looks
very much like the existing winbind pattern)

Andrew Bartlett

Andrew Bartlett                      
Samba Developer, SuSE Labs, Novell Inc.
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list