Architcecture for winbindd client character conversion.

Andrew Bartlett abartlet at samba.org
Wed Aug 29 06:04:57 GMT 2007


On Tue, 2007-08-28 at 15:47 -0700, Jeremy Allison wrote:
> On Wed, Aug 29, 2007 at 08:38:19AM +1000, Andrew Bartlett wrote:
> > 
> > Given the reality that most of us work on systems that use just one
> > charset (even in multiple locales), as to most of our users, how are we
> > going to ensure we don't break this, or introduce security issues as a
> > result of this, in future?
> 
> With a test infrastructure for winbindd, this one will be easy
> to test (ensure name UU exists, setlocale(XX), check getpwnam
> correctly queries for the unxi charset version of UU).
> 
> As for security issues, the same way we do for all of Samba,
> write the best code we can, test it and respond to reviews.
> There are no magic bullets for security.

No, but the multiple valid and canoncial usernames bothers me (I realise
we already have multiple usernames, but we go to some efforts to try and
always return the 'right' one). 

Could we make this a per-user preference, rather than per session?  Have
a localle recorded against each user record, so that no matter who asks
for the user, the same bits are returned?  

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20070829/f54debd3/attachment.bin


More information about the samba-technical mailing list