svn commit: samba r17979 - in branches: SAMBA_3_0/source/utils SAMBA_3_0_23/source/utils

Andrew Bartlett abartlet at
Fri Sep 1 06:57:40 GMT 2006

On Thu, 2006-08-31 at 21:39 -0700, Jeremy Allison wrote:
> On Fri, Sep 01, 2006 at 02:39:41PM +1000, Andrew Bartlett wrote:
> > Why not just add a '--full-username' option? 
> I'm trying not to add any more command line options. That
> way lies madness, looking at the complexity of this code.

I realise this has gone though a couple of revisions.  I'll need to look
over the final code I suppose...

> > But I fail to see why firefox needs to specify this:  Winbindd should
> > fill in the username, from the session (Even if checkied, I would be
> > worried if the user could specify it, given we are returning cached
> > credentials).
> Don't worry, it's checking the user on the other end of the pipe
> using the kernel peercred function - the given username is a sanity
> check that who winbindd thinks it is matches who the client claims
> to be.

My thought is that some applications of this would prefer not to have to
specify a username, and would prefer to 'hope for the best', if cached
credentials are called for.  Allowing an additional assert isn't too
harmful I suppose...  

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.        

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list