[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha6-917-g8e19a28

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Feb 17 04:40:36 MST 2009


On Mon, Feb 16, 2009 at 05:58:37PM -0800, Zachary Loafman wrote:
> The actual mangling of the token has to occur on the Samba side due to
> the way the code is structured. In the Kerberos case, we're not getting
> the actual token from the wbc calls, so there isn't really an
> opportunity to solve it outside Samba in the existing structure.
> 
> In theory, we could add a complete module system for "post auth token
> mangling" and roll the existing usermap code out into that as well. I'd
> rather not until there's a clear need, especially given how complex it
> would be to factor out the existing code. (Read: it's nightmare, I'd
> break something, you'd be more unhappy!)
> 
> I haven't vetted it completely, but I could probably modify the existing
> username map code to accept a wildcard, something like "*=*". It has no
> real advantages except a decluttering of the configuration option space
> at the expense of a somewhat random syntatic addition to the username
> map.

I like that one better, as it pushes down the decision down
one level further. And as auth_util.c has to deal with the
mapped case anyway, it does not add any clutter to that
module.

Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20090217/a88cc173/attachment.bin


More information about the samba-technical mailing list