Radically trim down winbind?
vl at samba.org
Fri Nov 4 12:19:00 UTC 2016
On Fri, Nov 04, 2016 at 01:12:17PM +0100, Stefan Metzmacher wrote:
> I case we really need, we should have one dedicated winbindd child
> per logged in user, where we do administrative tasks, but using
> the users credentials and not the machine credentials.
> The user would need to do an implicit or explicit wbinfo --pam-logon=
> before. root may use the machine account, but everything should
> still be in a dedicated child, completely isolated from the core
> winbindd logic.
I thought about that. But with cached credentials we could have all of
that logic in user space programs with winbind just taking care of the
More information about the samba-technical