[PATCH] Implement simple means of supporting pam_winbind UPNB logins.

simo idra at samba.org
Sat Jun 30 22:30:52 GMT 2007


On Sat, 2007-06-30 at 17:16 -0500, jerry at samba.org wrote:
> Guenther,
> 
> I know we've been around a few times on this whole upn 
> logon approach.  I looked over your patch and it seems
> much more complicated than I think it needs to be.
> Basically I think we can have pam_winbindd do the upn -> 
> sid -> sAMAccountName conversion and just extend the 
> msrpc_name_to_sid() call to send the UPN (just as in your 
> previous patch).
> 
> I've tested this in my local Centeris tree using ssh
> and Gnome's gdm.  Seems to work fine.  What do you think?
> It adds no new call to the winbindd_methods structure.
> Nor does it require an explicit enable using a new
> parameter in smb.conf.

>From what I can see translate_upn_username() is used only to replace
real_username in pam_sm_authenticate()
But in that function real_username is used only for debugging purposes.
So, why always going through 2 winbindd calls (WINBINDD_LOOKUPNAME and
WINBINDD_LOOKUPSID) just to have the resolved name in debugging output?

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org




More information about the samba-technical mailing list