[PATCH] winbind interface to extract SIDs from PAC

Christof Schmitt christof.schmitt at us.ibm.com
Thu Jul 5 17:31:16 MDT 2012


abartlet at samba.org wrote on 07/03/2012 04:20:53 PM:

> On Tue, 2012-07-03 at 19:02 -0400, simo wrote:
> > Andrew,
> > what's the point of doing IPC and a full round through Winbind just to
> > use a function that is available to you through a public API?
> > 
> > Using the API means you can use this without having winbindd set up.
> > Forcing a user to set up winbindd just to decode the PAC doesn't strike
> > me as the most reasonable interface.
> 
> Simo,
> 
> Indeed!  I guess I didn't think about it that way, perhaps because I was
> thinking about the details required for the full expansion of groups,
> and handling the id mapping in the same call.
> 
> On further investigation, the group expansion is going to be quite
> tricky anyway.

After chatting with Ronnie, I realized that linking the libraries
will not work in this case: As mentioned in another email, this
interface is intended to be used by the Ganesha NFS
server. Ganesha is licensed under the LGPL, so it cannot link
with the Samba libraries licensed under the GPL.

Winbind would be a good interface, since even if Ganesha could
read the SIDs from the PAC, it still has to make a call to
winbind to get the mapping to the uid/gids. There will always be
an IPC call to winbind in this scenario.

The initial patch introduces an interface to get the SIDs from
the PAC. If it would be more reasonable to provide one call to
get directly to the uid/gids, I can rework the patch to get the
mappings internally in winbind.

Regards,

Christof Schmitt || IBM || SONAS System Development || Tucson, AZ
christof.schmitt at us.ibm.com  ||  +1-520-799-2469  (T/L: 321-2469)


