[Samba] FILE:/tmp/krb5cc_500 naming conventions

Andrew Bartlett abartlet at samba.org
Sun Sep 10 20:57:15 UTC 2023


On Sun, 2023-09-10 at 21:51 +0100, Rowland Penny wrote:

> Yes, it probably would be done differently now, but that isn't what we
> are talking about, we are talking about, why would any user on a DC
> have the Unix ID '500'.

500 was (and is likely on some distributions) the UID assigned in
/etc/passwd to the first local user.
Other systems start at 1000, to give more room for system services.
This explains it well: https://serverfault.com/a/362946

> If I (the user rowland) run 'kinit Administrator' on a DC
> with 'idmap_ldb:use rfc2307 = yes' turned off, I get a kerberos
> ticket '/tmp/krb5cc_3000020' (note the Unix ID '3000020'). The only
> way that a user can get the Unix ID '500' on a DC, is if
> 'idmap_ldb:use rfc2307 = yes' is set in smb.conf and the user has the
> uidNumber attribute set to 500, which as I already said is also the
> RID for Administrator.
> Why would anyone give a normal user the ID '500' ?

The installer does, for the first system user.

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions

