Security model in samba-2

David Collier-Brown davecb at Canada.Sun.COM
Thu Sep 3 14:46:42 GMT 1998


Luke Kenneth Casson Leighton wrote:
> 
> andrej,
> 
> you have hit on exactly the right problem.  unless the unix system you are
> using supports the concept of "domains", namely that every process, file
> and other object has a "SID" attached to it (max 28 bytes or so) instead
> of a 32 bit uid, then you cannot support multiple domains.

	And it doesn't even map into the old
	``orange book'' (military) concepts of security 
	categories and levels within them...

	So you can't easily map them to anything standard,
	nor interpret them as subsets of something bigger.
	
	Hmmn.. and that doesn't **seem** to match up with
	Kerberos, either.   I wonder if it's going to change
	in NT 5?

--dave
--
David Collier-Brown,  | Cherish your enemies.  They're harder to
185 Ellerslie Ave.,   | come by than friends and more motivated.
Willowdale, Ontario   | davecb at canada.sun.com, hobbes.ss.org
N2M 1Y3. 416-223-8968 | http://java.science.yorku.ca/~davecb
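
The domain problem discussed in this thread, as an added example that is not part of the original posts and is not Samba code: it parses the binary SID layout (revision, sub-authority count, 48-bit identifier authority, 32-bit sub-authorities) and shows two accounts from different domains collapsing onto one uid when only the last sub-authority (the RID) is kept. The function names, the naive mapping and the two sample SIDs are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>
#define SID_MAX_SUBAUTHS 15

struct sid {
    uint8_t  revision, num_auths;
    uint64_t id_auth;                      /* 48-bit, big-endian on the wire */
    uint32_t sub_auths[SID_MAX_SUBAUTHS];  /* little-endian on the wire */
};

/* Parse a binary SID; returns bytes consumed, or -1 if malformed/truncated. */
int sid_parse(const uint8_t *buf, size_t len, struct sid *out)
{
    if (len < 8 || buf[0] != 1 || buf[1] > SID_MAX_SUBAUTHS) return -1;
    size_t need = 8 + 4 * (size_t)buf[1];
    if (len < need) return -1;
    *out = (struct sid){ .revision = buf[0], .num_auths = buf[1] };
    for (int i = 0; i < 6; i++) out->id_auth = (out->id_auth << 8) | buf[2 + i];
    for (int i = 0; i < out->num_auths; i++) {
        const uint8_t *p = buf + 8 + 4 * i;
        out->sub_auths[i] = p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
    }
    return (int)need;
}

/* Naive uid mapping (illustrative): keep only the RID, drop the domain. */
uint32_t sid_to_uid_naive(const struct sid *s)
{
    return s->num_auths ? s->sub_auths[s->num_auths - 1] : 0;
}

/* 1 if both SIDs share the same domain prefix (everything except the RID). */
int sid_same_domain(const struct sid *a, const struct sid *b)
{
    if (a->num_auths != b->num_auths || a->id_auth != b->id_auth || !a->num_auths) return 0;
    return memcmp(a->sub_auths, b->sub_auths, (a->num_auths - 1) * sizeof(uint32_t)) == 0;
}

/* Constructed samples: S-1-5-21-1-2-3-1001 and S-1-5-21-7-8-9-1001, 28 bytes each. */
const uint8_t SID_DOM_A[28] = {1,5, 0,0,0,0,0,5, 21,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0, 0xE9,3,0,0};
const uint8_t SID_DOM_B[28] = {1,5, 0,0,0,0,0,5, 21,0,0,0, 7,0,0,0, 8,0,0,0, 9,0,0,0, 0xE9,3,0,0};

int main(void)
{
    struct sid a, b;
    if (sid_parse(SID_DOM_A, sizeof SID_DOM_A, &a) < 0 || sid_parse(SID_DOM_B, sizeof SID_DOM_B, &b) < 0) return 1;
    printf("uid A=%u uid B=%u same domain=%d\n", (unsigned)sid_to_uid_naive(&a), (unsigned)sid_to_uid_naive(&b), sid_same_domain(&a, &b));
    return 0;
}
```

Both sample accounts map to uid 1001 although their domain prefixes differ, so file ownership and access checks keyed on the uid alone cannot tell them apart.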

