svn commit: samba r17979 - in branches: SAMBA_3_0/source/utils
abartlet at samba.org
Fri Sep 1 06:57:40 GMT 2006
On Thu, 2006-08-31 at 21:39 -0700, Jeremy Allison wrote:
> On Fri, Sep 01, 2006 at 02:39:41PM +1000, Andrew Bartlett wrote:
> > Why not just add a '--full-username' option?
> I'm trying not to add any more command line options. That
> way lies madness, looking at the complexity of this code.
I realise this has gone though a couple of revisions. I'll need to look
over the final code I suppose...
> > But I fail to see why firefox needs to specify this: Winbindd should
> > fill in the username, from the session (Even if checkied, I would be
> > worried if the user could specify it, given we are returning cached
> > credentials).
> Don't worry, it's checking the user on the other end of the pipe
> using the kernel peercred function - the given username is a sanity
> check that who winbindd thinks it is matches who the client claims
> to be.
My thought is that some applications of this would prefer not to have to
specify a username, and would prefer to 'hope for the best', if cached
credentials are called for. Allowing an additional assert isn't too
harmful I suppose...
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060901/f197fa88/attachment.bin
More information about the samba-technical