Radically trim down winbind?
Volker Lendecke
vl at samba.org
Fri Nov 4 12:19:00 UTC 2016
On Fri, Nov 04, 2016 at 01:12:17PM +0100, Stefan Metzmacher wrote:
> I case we really need, we should have one dedicated winbindd child
> per logged in user, where we do administrative tasks, but using
> the users credentials and not the machine credentials.
> The user would need to do an implicit or explicit wbinfo --pam-logon=
> before. root may use the machine account, but everything should
> still be in a dedicated child, completely isolated from the core
> winbindd logic.
I thought about that. But with cached credentials we could have all of
that logic in user space programs with winbind just taking care of the
authentication.
Volker
More information about the samba-technical
mailing list