On Sun, 8 Sep 2002, Andrew Bartlett wrote:
> So, where do we go from here? For anything that looks at all like unix,
> the published unix interfaces are the way to go - we implement nsswitch
> and PAM in particular. For NTLMSSP, I've poposed one earlier in this
> thread. For the other interfaces, somebody (not me!) needs to define an
> interface, and propose it to samba-technical.
Squid do have a UNIX group helper. However, in quite many cases the
administrator do not want winbindd NSS integration in the system, only to
be able to set up specific applications (i.e. Squid) to authenticate and
authorize via winbindd which brings the need of a separate path not
using NSS..
> For reasons of portability/flexability, the current mood is for
> executable helpers that pass simple text structures around, not shared
> libraries that need maintenance.
Fully agreed.
> BTW, where the issue is groups of NTLMSSP, I'm quite willing to have the
> ntlm_auth helper spit out the user's groups at login time - we get the
> info, so it's not that much work to pass it on.
Unfortunately Squid want's the group information later in a separate query
the way things are designed now, but have thought for a long time about
adding support for groups (or other attributes) to be returned by
authentication.
Regards
Henrik
Received on Sun Sep 08 2002 - 02:51:45 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:16:28 MST