Why are we allocating ID_TYPE_BOTH on a user or machine SID type ?

Volker Lendecke Volker.Lendecke at SerNet.DE
Thu Oct 17 02:06:16 MDT 2013


On Wed, Oct 16, 2013 at 09:02:48PM -0700, Jeremy Allison wrote:
> But in the case where a SID *is* a SID_NAME_USER or a SID_NAME_COMPUTER,

Well, in the future if we want to support sidHistory, the
role for SID_NAME_USER will change. What used to be a user
will not be resolvable anymore and in future tokens will be
presented to us as part of the auxiliary SIDs. We can only
make use of those IDs if we put them in as auxiliary groups
into our unix token. Yes, we need a modifed acl mapping for
this, so it's probably not done yet. But that is another
reason for TYPE_BOTH.

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de


More information about the samba-technical mailing list