[PATCH] bug 11259 - get smbd to use winbindd to prime the netsamlogon and name2sid caches.

Jeremy Allison jra at samba.org
Wed Sep 28 17:36:25 UTC 2016


On Wed, Sep 28, 2016 at 09:21:35AM -0700, Jeremy Allison wrote:
> 
> FYI - just confirmed this with Guenther - we
> are already doing sequence queries in the parent
> (not all _send()/_recv pairs are async-forwarded
> to children).
> 
> If you want to prevent this in this codepath then
> it's possible we could add a name2sid cache entry
> that doesn't check sequence numbers first and use
> that if it comes from a trusted source (PAC). Does
> that sound like a plan ?

So if you are worried the extra refresh_sequence_number()
is too much of a burden in your use case we can make
the new code call a new function:

cache_name2sid_trusted() which would avoid the
refresh_sequence_number() call and just call
wcache_save_name_to_sid(). As it's coming directly
from a valid krb5 ticket then we can trust it.

Does that help ?


