Winbind - functionality extension needed
webserv at s3group.cz
Thu Jul 9 14:10:30 GMT 2009
> No. nscd also solves the problem of calling into nss_ldap
> in the user context (i.e. permissions on the system keytab).
Wow! You are right. BUT: nscd runs under "nscd" user account (not
speaking about the SELinux policy) so even nss_ldap would be called in
"nscd" user context. And besides, nss_ldap can not directly use the
system Kerberos keytab file. So nscd does not help me either.
> I'm just offering suggestions. Having winbindd deal with
> other NIS maps seems a bit out of mainstream IMO. But it's not
> really my call.
I agree, having nss_ldapd would be the best solution, indeed.
More information about the samba-technical