Q: winbindd, unqualfied users, & name conflicts (a.k.a "Death
to 'winbind use default domain'!")
simo
idra at samba.org
Thu Jul 20 17:51:52 GMT 2006
On Thu, 2006-07-20 at 12:37 -0500, Gerald (Jerry) Carter wrote:
> First assigning the wrong groups to a user is a security
> issue. Second, I said pull 'winbind use default domain'
> from the server code and put it in the client code.
ok so you do the translation in pam_winbindd and nss_winbindd instead of
winbindd, sounds reasonable, sorry for the misunderstanding.
> The fact is that this parameter is fundamentally broken.
> It cannot actually work correctly. At some point (probably
> for 3.0.24) we will have to break it and move it to the
> client. There is no way around it.
I was just worried you said you wanted to remove it, I have no objection
on just moving it in the client libraries.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org
More information about the samba-technical
mailing list