| commit | 391a72f3dfc061d6d97752c7e8691f80b4990ba8 | |
| author | Gerald Carter <jerry@samba.org> | |
| Sun, 6 May 2007 20:16:12 +0000 (6 20:16 +0000) | ||
| committer | Gerald (Jerry) Carter <jerry@samba.org> | |
| Wed, 10 Oct 2007 17:21:49 +0000 (10 12:21 -0500) | ||
| tree | f9d596fb1fe072365f192fdf20751fd277731c1d | treesnapshot (tar.gz zip) |
| parent | 044f1b4a993cd7711fd9721a73cf9e2f9c90f5a5 | commitdiff |
r22710: Support one-way trusts.
* Rely on the fact that name2sid will work for any name
in a trusted domain will work against our primary domain
(even in the absense of an incoming trust path)
* Only logons will reliably work and the idmap backend
is responsible for being able to manage id's without contacting
the trusted domain
* "getent passwd" and "getent group" for trusted users and groups
will work but we cannot get the group membership of a user in any
fashion without the user first logging on (via NTLM or krb5)
and the netsamlogon_cache being updated.
(This used to be commit dee2bce2af6aab8308dcef4109cc5248cfba5ef5)
* Rely on the fact that name2sid will work for any name
in a trusted domain will work against our primary domain
(even in the absense of an incoming trust path)
* Only logons will reliably work and the idmap backend
is responsible for being able to manage id's without contacting
the trusted domain
* "getent passwd" and "getent group" for trusted users and groups
will work but we cannot get the group membership of a user in any
fashion without the user first logging on (via NTLM or krb5)
and the netsamlogon_cache being updated.
(This used to be commit dee2bce2af6aab8308dcef4109cc5248cfba5ef5)