[GSoC 2007] Improving Samba 4 winbind, a look back.

Kai Blin kai at samba.org
Wed Sep 19 13:11:07 GMT 2007

On Wednesday 19 September 2007 13:41:48 Andrew Bartlett wrote:

> > What is left to do
> > ------------------
> >
> >     * PAC/info3 caching
> >       As with NTLM caching, PAC/info3 caching was discarded. Caching is
> > only interesting once the other features are working and will be
> > implemented eventually.
> I actually disagree here.  This is perhaps the only reliable way to get
> the groups a user is a member of, and should instead be the primary
> method by which this is obtained.  There is rumoured to be kerberos
> calls to obtain a PAC for a user (without their password), and we should
> try and support this.

I'm not quite sure if I understand you correctly here. Are you saying that PAC 
caching is needed to figure out group membership? I had the impression that 
all the caching was doing was to save us another request for the PAC. Or do 
you only get a PAC during the log-on?

Kai Blin
WorldForge developer  http://www.worldforge.org/
Wine developer        http://wiki.winehq.org/KaiBlin
Samba team member     http://www.samba.org/samba/team/
Will code for cotton.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070919/9f241913/attachment.bin

More information about the samba-technical mailing list