trustdom_cache when winbind is running?

Gerald (Jerry) Carter jerry at samba.org
Fri Jun 3 14:00:33 GMT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Volker Lendecke wrote:

| Trusted user connects to a smbd, this smbd does not find
| the trustdom entry in its private gencache.tdb. Thus
| it maps the user to its own domain -> bang...
|
| Wouldn't a WINBIND_IS_TRUSTED_DOMAIN query be
| much smarter for this case? winbind would not
| need to bother with gencache.tdb, as it has a list of
| domains in memory anyway. So the trustdom_cache
| would only be used in the non-winbind case. And
| to be honest, this is broken anyway IMHO.

Something can be broken in multiple ways.  Broken
in design or broken in function.  The code works in
function but may be broken in design.  The setup you
outlined wasn't part of the original requirements :-)

The main reason IIRC for not querying winbindd was
the fact that historically winbind blocked.  But with your
new implementation (and even later versions) this is not
as much of a concern.

So if you want to ping winbindd and ask if the domain is
a trusted one, that sounds like a good idea to me.
And then trustdom_cache is just used for smbd with no
winbindd right ?




cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back."     Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCoGKAIR7qMdg1EfYRAjmGAKDL4pGPmC42vvlfZIMvRxtY+TUKKwCg8y84
WPPjJ5MJ0IpMK27ecHMMWOQ=
=RAXF
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list