[PATCH]: wbc: expand wbcAuthUserParams to pass alternate domain\user

Gerald Carter jerry at plainjoe.org
Wed May 20 16:00:33 GMT 2009


Stefan (metze) Metzmacher wrote:
>>> If you disallow "username map" for local NLTMv2 support, would that
>>> simplify the problem?  And secondly (forgive me if this is totally
>>> off the wall), could you not just retrieve the original target name
>>> from
>>> V2Response blob?  I don't have a Vista client handy to verify
>>> the empty domain name right now.  So I don't know if the "NetBios
>>> Hostname" (name type 0x1) is the same as the name used when generating
>>> the V2 Hash.
>> Eliminating support for "username map" in conjunction with NTLMv2 would
>> remove the need to pass a second username through wbc.  This is of
>> course a decent feature limitation.
> 
> I think the username map feature should be moved to winbind in this
> case. That's the only way it makes sense at all.

Hey Metze,

This is the same as the aliases support I added a while ago
to winbindd.  See the nss_map_{to,from}_alias().  The idmap_adex()
plugin has an implementaiton of those API calls IIRC.





cheers, jerry
-- 
=====================================================================
http://www.plainjoe.org/
"What man is a man who does not make the world better?"      --Balian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20090520/2030befd/signature.bin


More information about the samba-technical mailing list