Getting the SID of the user out of the PAC ...
Stefan Metzmacher
metze at samba.org
Fri Sep 27 06:58:43 UTC 2019
Am 27.09.19 um 08:50 schrieb Steve French:
> On Fri, Sep 27, 2019 at 1:44 AM Stefan Metzmacher <metze at samba.org> wrote:
>>
>> Am 27.09.19 um 08:39 schrieb Steve French via samba-technical:
>>> Is there a way to get the SID of the user out of the MS-PAC through
>>> Samba utils (or winbind)?
>>>
>>> This would help cifs if when we upcall as we do today to get the
>>> kerberos ticket, we were also given the user's SID not just the ticket
>>> to use to send to the server during session setup.
>>
>> Only if you get a service ticket for the joined client machine.
>>
>> But I don't understand what a possible use case would be.
>
> When not mounting with "idsfromsid" this would allow us to use the
> correct owner SID when creating ACLs (to include the owner and mode)
> on mkdir and filecreate (the acl can be sent in the sd_context during
> create)
Maybe CREATOR_GROUP and CREATOR_OWNER are of some use for that...
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20190927/a0c1eb5d/signature.sig>
More information about the samba-technical
mailing list