On Sun, 8 Sep 2002, Andrew Bartlett wrote:
> For these I would much prefer (unless you have a very good reason) to
> just use PAM. That way we keep the number of interfaces down. (We have
> to maintain the PAM suff regardless).
I would prefer if there was a "direct" alternative, not requiring PAM.
Mainly for simplicity of administration, but also because we have to
support some systems not using PAM...
Btw, is it at all possible to build winbindd on systems not supporting PAM
and/or NSS?
> But if it just 'falls out' of the design (we will want one way to do
> plaintext, just for testing sanity) then it's fine.
As the plaintext support will be needed anyway for testing I don't think
adding a couple of stream protocols for it will be much of a deal.
> For now, you guys 'own' the protocol but I don't mind either way.
Ok.
> > What about a also supporting a stream oriented NTLM mode?
>
> I don't see the need - most applications doing this so frequently that
> they need a stream mode are doing NTLMSSP anyway. Less interfaces
> again...
Right.
> That's what we need to do with a privileged pipe - the idea is to avoid
> needing to add a dependency on SO_PEERCRED.
Either way is fine by me.
Note: You still need smb.conf options to specify the required privileges..
instead of verifying with SO_PEERCRED this is then used to set the
permissions of the privileged pipe when created by winbindd.
I'll try to collect all of this into a single document.
Regards
Henrik
Received on Sun Sep 08 2002 - 03:14:44 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:16:29 MST