[PATCH] Implement simple means of supporting pam_winbind UPNB
logins.
simo
idra at samba.org
Sat Jun 30 22:30:52 GMT 2007
On Sat, 2007-06-30 at 17:16 -0500, jerry at samba.org wrote:
> Guenther,
>
> I know we've been around a few times on this whole upn
> logon approach. I looked over your patch and it seems
> much more complicated than I think it needs to be.
> Basically I think we can have pam_winbindd do the upn ->
> sid -> sAMAccountName conversion and just extend the
> msrpc_name_to_sid() call to send the UPN (just as in your
> previous patch).
>
> I've tested this in my local Centeris tree using ssh
> and Gnome's gdm. Seems to work fine. What do you think?
> It adds no new call to the winbindd_methods structure.
> Nor does it require an explicit enable using a new
> parameter in smb.conf.
>From what I can see translate_upn_username() is used only to replace
real_username in pam_sm_authenticate()
But in that function real_username is used only for debugging purposes.
So, why always going through 2 winbindd calls (WINBINDD_LOOKUPNAME and
WINBINDD_LOOKUPSID) just to have the resolved name in debugging output?
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org
More information about the samba-technical
mailing list