
Re: PAM, When?



Luke Kenneth Casson Leighton wrote:

> On Tue, 27 Oct 1998, Luke Howard wrote:
>
> >
> > >     This includes the use of NIS for name services
> > >     (i.e. mapping UID/GID's to user/group names for the
> > >     ls -l command et al)?
> >
> > Yes. (Thorsten Kukuk and Ulrich Drepper are the glibc NSS gurus, BTW.)
> > Whether atomic UIDs and GIDs are the way of the future remains to be seen, but
> > the kernel and filesystem may need to change to handle different
> > identifiers, such as SIDs.
>
> yes, i want to see this happen.  to make it an easier job, you would use
> the existing 16 bit or 32 bit process / file ids as an index into a table.
> for SIDs, you would dynamically allocate an index entry on demand when you
> saw a new SID and put it into the table.
>
> then for the resolution of SIDs to unix uids, you have exactly the same
> problem as NT has, which was resolved by the posix subsystem(s)
> http://www.opennt.com where the user RID has 0x10000 added to it to create
> a uid; the group rid has 0x20000 added to it to create a gid; all trusted
> domains have 0x30000, 0x40000 etc for each trusted domain.
>
> sorry this is probably off-topic by now.  does anyone have a suitable
> linux kernel mailing list address handy?

You need 32-bit UIDs (which Linux doesn't really have yet), and you need not to
conflict with local policies.  This particular set of decisions would conflict
with proposed Lucent policies for managing the global uid/gid space.  Also, you
need to map them into the correct UNIX uid.  For example, I need to have my
files be owned by me regardless of whether I'm trying to access them from NT or
UNIX.  So, my uid always has to be 800, regardless of where I come from.

            -- Alan Robertson
               alanr@bell-labs.com
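
The mapping discussed in this thread, as an added sketch that is not code from either poster or from any project: it applies the quoted offsets (0x10000 for users, 0x20000 for groups, 0x30000 and up for trusted domains), shows why the results do not fit a 16-bit uid, and lets a locally administered uid such as 800 take precedence. The class and function names, the SIDs, and the one-window-per-trusted-domain layout are assumptions.

```python
# Added illustration. Offsets come from the thread; everything else is assumed.
USER_BASE = 0x10000      # user RID + 0x10000 -> uid
GROUP_BASE = 0x20000     # group RID + 0x20000 -> gid
TRUSTED_BASE = 0x30000   # 0x30000, 0x40000, ... one base per trusted domain
WINDOW = 0x10000         # assumed: each base owns one 0x10000-wide range
UID16_MAX = 0xFFFF       # largest value a 16-bit uid can hold


class IdMapper:
    def __init__(self, primary_domain, pinned=None):
        self.primary = primary_domain
        self.trusted = []                 # trusted-domain SIDs, in order first seen
        self.pinned = dict(pinned or {})  # full SID -> uid fixed by local policy

    def _base(self, domain_sid, is_group):
        if domain_sid == self.primary:
            return GROUP_BASE if is_group else USER_BASE
        if domain_sid not in self.trusted:
            self.trusted.append(domain_sid)   # allocate the next range on demand
        return TRUSTED_BASE + self.trusted.index(domain_sid) * WINDOW

    def map(self, sid, is_group=False):
        if sid in self.pinned:            # local policy overrides the computed id
            return self.pinned[sid]
        domain_sid, _, rid_text = sid.rpartition("-")
        rid = int(rid_text)
        if not 0 <= rid < WINDOW:         # otherwise it lands in a neighbour's range
            raise ValueError(f"RID {rid} does not fit in a 0x{WINDOW:x} range")
        return self._base(domain_sid, is_group) + rid


def fits_16bit(unix_id):
    return 0 <= unix_id <= UID16_MAX


if __name__ == "__main__":
    home = "S-1-5-21-1000-2000-3000"      # constructed domain SID
    mapper = IdMapper(home, pinned={home + "-1200": 800})
    for sid in (home + "-1105", home + "-1200", "S-1-5-21-4000-5000-6000-1105"):
        uid = mapper.map(sid)
        print(sid, hex(uid), "16-bit ok" if fits_16bit(uid) else "needs 32-bit uid")
```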


