[PATCH] Implement simple means of supporting pam_winbind UPNB
logins.
simo
idra at samba.org
Sat Jun 30 22:42:32 GMT 2007
On Sat, 2007-06-30 at 17:39 -0500, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> simo wrote:
> > From what I can see translate_upn_username() is used
> > only to replace real_username in pam_sm_authenticate()
> > But in that function real_username is used only for
> > debugging purposes. So, why always going through 2
> > winbindd calls (WINBINDD_LOOKUPNAME and WINBINDD_LOOKUPSID)
> > just to have the resolved name in debugging output?
>
> Ahh...Sorry. Looks like the AIX support in SAMBA_3_0's
> pam_winbind is broken. So the patch is a bad merge then.
> Assume that real_username is passed to winbind_auth_request().
> I fix the patch. But the basic means of supporting
> UPN logons stays the same.
Ok, but in this case, why don't you simply pass the unresolved name to
winbind_auth_request() and let winbindd resolve internally the name?
I am not a fan of doing stuff on the "client" side of the fence.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org
More information about the samba-technical
mailing list