-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jerome Haltom wrote: > Okay, I agree then. There are a set of standard ways of representing a > user name on a domain. There is 'NT\username', there is > '[EMAIL PROTECTED]'. And there is 'username'. > > Is it so bad to think that [EMAIL PROTECTED] should be desired? I desire it > because I have non-Windows related things that use plain Kerberos > realms, and they use this form. And I like it. There is no short NT4 > style name in these circumstances. > > Perhaps then just a single option for the single canonical version? > "unix", "nt", "realm". > > winbind canonical form = realm > > All look ups of all forms would be mapped to this single representation. > That way users could login using any.
Nope. You haven't looked at how much trouble this would be in the code. For example, Lookupsid() *always* returns the sAMAcountName but LookupName() will resolve a UPN to the same SID. So The conversion is asymetric. UPN->SID->sAMAcountName. But canonicalizing on the sAMAccountName does give you a symmetic mapping. Secondly, your 'unix' variant would break with trusted domains. So yes, it is a bad idea for very real technical reasons. cheers, jerry ===================================================================== Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGjqnYIR7qMdg1EfYRAsoLAKDoPhJ3hYBvMizMxZYShjqeK+TVjwCcDpFQ 93YK+cixGgFyqlQzoiOUoWM= =Gpru -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
