[PATCH] Implement simple means of supporting pam_winbind UPN logins.

Gerald (Jerry) Carter jerry at samba.org
Sat Jun 30 22:50:54 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Simo,

> Ok, but in this case, why don't you simply pass the 
> unresolved name to winbind_auth_request() and let winbindd
> resolve internally the name? I am not a fan of doing
> stuff on the "client" side of the fence.

Much bigger change.  See Gunther's original patch.

What is your technical objection to the upn->sid->name
conversion?  Not "being a fan" is too vague.

IMO the client side is the perfect place to do much of
this stuff and if "winbind use default domain" had been in
the client code to begin with, winbindd itself would have
had many fewer bugs wrt to name translation.

Also doing combination operations like this prevent the
winbindd API from inheriting esoteric calls.  Why add a
new call to the API when you can write a wrapper around
to existing calls.  Given that pam_winbind is not
performance critical, as long as we don't introduce
inappropriate delays, this should be fine.






cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGht5OIR7qMdg1EfYRAo4BAKCFC+XmXDRIcwZrT49DDKF13VrtmgCff10S
OCHyeCcXQtFyyoz3Gytyg5o=
=2c0D
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list