rethinking the order of getpwnam call in Get_Pwnam_internals?

Gerald (Jerry) Carter jerry at samba.org
Mon Mar 31 19:40:29 GMT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bo Yang wrote:
> Hi, Jeremy:
>        The order of getpwnam call in Get_Pwnam_internals is:
> 1. lowercase username.
> 2. given username, ie, original username
> 3. uppercase username
> 4. level-N combinations of uppercase username.  for example, nodns1, Nodns1, NOdns1, etc.
> 
>     There is a problem of this order when "winbind use default domain = yes" and "username map = filename".
>     
>     I have one unix local user NODNS1 and one domain user NODNSUPDATE\nodns1, and there following entry exists in my smbuser(the username map file):
> NODNS1 = NODNSUPDATE\nodns1.

Bo,

Sorry.  I'm catching up on things.  Your example is a really bad idea
IMO.  You should never use "winbind use default domain = yes" when you
have local users that match the domain username.  That just causes too
much confusion.  I don't real think changing the getpwnam case lookup
ordering for this corner case is a low risk change.

I'll post my patch for a name mapping layer in winbindd this week
and an example nss info plugin as a potential replacement for
"winbind use default domain".  Might not be any better but is
much more intuitive and flexible I think.





cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH8T4tIR7qMdg1EfYRAv/WAKCxFJFx5c67Wb3qFFF+mwSSIDLBnACfe05J
mMKhpbkDOTDlQ7I3V2ieP7k=
=iEHr
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list