KDC built in or out of smbd

Andrew Bartlett abartlet at samba.org
Wed Nov 30 22:21:54 GMT 2005

On Wed, 2005-11-30 at 20:21 +0100, Stefan (metze) Metzmacher wrote:
> Krishna Ganugapati schrieb:

> So if *you* want you can do everything, create your own ntvfs_ipc module that passes
> the requests to another unix process,(via our IRPC code or via unix sockets or ...)
> Or you can create you own dcerpc endpoint module and let this pass the requests to another
> unix process.
> Or you can create your an auth module and replace the auth_sam with something like the
> auth_winbind code...
> Or you can write your own process model module....
> But at least when you want to be act as a AD Domain Controller, you need the LDAP-Server, the
> KDC-Server, the SAMR-DCERPC module, the auth_sam module to access the sam.ldb,
> witch is the LDAP-like database that stores the AD tree.

The short way of expressing the above is that interprocess abstraction
is quite possible, and practical.  Personally, I liked the idea (if
perhaps not the implementation) of the Samba-TNG separation of services.
I haven't made a fuss here about it, because if I ever really, really
get that urge, we already have all the plug-in interfaces to handle
exactly that.

None of that changes the trusted set of processes however.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20051201/60472fec/attachment.bin

More information about the samba-technical mailing list