[GSoC 2007] Improving Samba 4 winbind, a look back.

Andrew Bartlett abartlet at samba.org
Wed Sep 19 21:09:38 GMT 2007


On Wed, 2007-09-19 at 15:11 +0200, Kai Blin wrote:
> On Wednesday 19 September 2007 13:41:48 Andrew Bartlett wrote:
> 
> > > What is left to do
> > > ------------------
> > >
> > >     * PAC/info3 caching
> > >       As with NTLM caching, PAC/info3 caching was discarded. Caching is
> > > only interesting once the other features are working and will be
> > > implemented eventually.
> >
> > I actually disagree here.  This is perhaps the only reliable way to get
> > the groups a user is a member of, and should instead be the primary
> > method by which this is obtained.  There are rumoured to be Kerberos
> > calls to obtain a PAC for a user (without their password), and we should
> > try and support this.
> 
> I'm not quite sure if I understand you correctly here. Are you saying that PAC 
> caching is needed to figure out group membership? I had the impression that 
> all the caching was doing was to save us another request for the PAC. Or do 
> you only get a PAC during the log-on?

You only get the PAC during the log-on, and it is the canonical list of
groups that a user is a member of.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.