[PATCH] New external idmap module

simo idra at samba.org
Wed May 31 19:44:58 GMT 2006

On Wed, 2006-05-31 at 21:40 +0200, Volker Lendecke wrote:
> On Wed, May 31, 2006 at 03:24:33PM -0400, simo wrote:
> > I was thinking to use kerberos wrapping something similar to what I
> > already have in idmap_external.c
> > Would that be ok?
> Isn't there anything we can use without going the Kerberos
> way? Kerberos is the perfect choice but it is not available
> on many platforms we have to support. In particular the
> small embedded ones might have opted not to implement it.

Kerberos is standard, secure and maintained, and does not require
anything else but join a domain, any other protocol would require to set
up a shared secret, nothing bad per se but it adds complexity to a tool
thought to make things easier.

> The other thing is: Why do you depend on sqlite? We have tdb
> around, with an already defined format: winbindd_idmap.tdb.
> Why don't you go with that?

I used sqlite3 as I know it and was a way to show that you can use any
storage you want with an external daemon. I do not really depend on


Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org

More information about the samba-technical mailing list