[RFC] When require_membership_of parameter contains invalid groups, we should ignore the invlid groups instead of failing the authentication completely
boyang
boyang at samba.org
Wed Oct 14 00:38:03 MDT 2009
Hi,
When require_membership_of parameter in pam_winbind contains invalid
groups, all users cannot login. Because authentication fails when it
cannot convert group name to sid.
Should we continue with the group list ignoring the invalid ones?
For example:
user A belongs to group B and C. group C is an invalid group.
require_membership_of = B,C
In this case, A cannot login. It might be better if we print a
warning message to indicate that some groups might be invalid.
Patch for master is in the attachment.
I am not sure whether this will incur other issues. :-) Please comment.
Thanks!
--
Bo Yang, Software Engineer, Suse Labs
GPG-key-ID 538C4C1A
Samba Team boyang at samba.org http://www.samba.org/
SUSE Linux boyang at suse.de http://www.novell.com/
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: pam_winbind-require-membership-master.mbox
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20091014/f50ee711/attachment.ksh>
More information about the samba-technical
mailing list