Subdomain support in the AD DC!
Volker Lendecke
Volker.Lendecke at SerNet.DE
Wed Sep 11 22:27:50 CEST 2013
On Thu, Sep 12, 2013 at 07:59:57AM +1200, Andrew Bartlett wrote:
> We certainly could. I should have been clearer as to why I suggested
> this particular task: Yes, NTLM authentication could be done with an
> existing or modified interface, and the other calls in winbind.idl are
> trivial.
>
> I suggested this task because all the other parts are already in place:
> We have a simple client to test with (ntlm_auth4), and the server code
> already exists. That way, the task itself is fairly simple - just glue
> already working components together.
>
> That said, there are only 3 working calls in winbind.idl, and we could
> certainly continue to expand the existing protocol. My only comment on
> that is that it just puts off at least trying to use IRPC (which is
> already based on metze's binding handle work), and a common unix domain
> socket based messaging system, both of which would I think be useful
> more broadly.
>
> IRPC is used elsewhere in the source4 code. It is quite a flexible,
> async, IDL-based messaging system, and it would be great if more parts
> of our code could talk to each other.
That might be true. But given our limited resources we need
to take short cuts in places I believe. Right now I don't
see a real functional need that would make irpc in
source3/winbind strictly necessary. It might come in the
near future, but right now I believe using the old crap
protocol behind a relatively clean API is just less work.
Don't get me wrong, I have seriously played with unix domain
datagram sockets for messaging scalability already and
sooner or later it will happen. The real need will come from
a completely different corner: ctdb scalability and
parallelism. But right now -- not yet for me.
This is an isolated interface that is relatively easily
replacable. I would like to attack the functional problems
first. I am the first to do a lot of small cleanups here and
there when I come across bad code (see my brlock cleanup of
this morning for example). But my personal level of pain
with the winbind interface has not been reached yet :-)
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
*****************************************************************
visit us on it-sa:IT security exhibitions in Nürnberg, Germany
October 8th - 10th 2013, hall 12, booth 333
free tickets available via code 270691 on: www.it-sa.de/gutschein
******************************************************************
More information about the samba-technical
mailing list