[GSoC 2007] Improving Samba 4 winbind, a look back.

Andrew Bartlett abartlet at samba.org
Wed Sep 19 21:09:38 GMT 2007

On Wed, 2007-09-19 at 15:11 +0200, Kai Blin wrote:
> On Wednesday 19 September 2007 13:41:48 Andrew Bartlett wrote:
> > > What is left to do
> > > ------------------
> > >
> > >     * PAC/info3 caching
> > >       As with NTLM caching, PAC/info3 caching was discarded. Caching is
> > > only interesting once the other features are working and will be
> > > implemented eventually.
> >
> > I actually disagree here.  This is perhaps the only reliable way to get
> > the groups a user is a member of, and should instead be the primary
> > method by which this is obtained.  There is rumoured to be kerberos
> > calls to obtain a PAC for a user (without their password), and we should
> > try and support this.
> I'm not quite sure if I understand you correctly here. Are you saying that PAC 
> caching is needed to figure out group membership? I had the impression that 
> all the caching was doing was to save us another request for the PAC. Or do 
> you only get a PAC during the log-on?

You only get the PAC during the log-on, and it is the canonical list of
groups that a user is a member of.

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20070920/b03161c5/attachment.bin

More information about the samba-technical mailing list