[PATCH] winbind interface to extract SIDs from PAC

Christof Schmitt christof.schmitt at us.ibm.com
Fri Jul 6 10:12:22 MDT 2012

Volker Lendecke <Volker.Lendecke at sernet.de> wrote on 07/05/2012 11:48:10 

> On Thu, Jul 05, 2012 at 04:31:16PM -0700, Christof Schmitt wrote:
> > The initial patch introduces an interface to get the SIDs from
> > the PAC. If it would be more reasonable to provide one call to
> > get directly to the uid/gids, i can rework the patch to get the
> > mappings internally in winbind.
> If you can live with the two-step process, I would rather
> have winbind extract only SIDs. Different client apps might
> want to look at the SID values, we would have to create
> another interface for them.

Based on the feedback i have received the two-step process is
fine for the Ganesha requirements.

> What might be more interesting in the future is extraction
> of the whole PAC info, but this is definitely another call.

Yes, this would be future work.

Here is an updated version of the patch implementing the new
winbind interface function. The master branch now has
kerberos_pac_logon_info in a common library, so winbind can use
this function get the PAC_LOGIN_INFO.


Christof Schmitt || IBM || SONAS System Development || Tucson, AZ
christof.schmitt at us.ibm.com  ||  +1-520-799-2469  (T/L: 321-2469)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-winbind-New-interface-function-wbcPacToSids.patch
Type: application/octet-stream
Size: 7066 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120706/b5192a08/attachment.obj>

More information about the samba-technical mailing list