> > Marc, you have hit the nail on the head. What we really need on
> > Unix is to replace the file-based credentials cache with something
> > else that can be contacted securely by the network process, the login
> > process, and the user.
>
> Something like Windows 2000's LSA service and SSPI?

yep. the way that nt's security works is that a process, or a process-that-can-be-contacted-by-another-process, caches sufficient authentication info to be able to automatically verify that resources can be accessed. in the case of nt5, this is a krb tgt. in the case of nt4, this is the username/domainname/password-hash.

in the case of file access, there is _also_ a third-party "pass-through" mechanism, where the third party can request access to a resource in a remote location, and rights to access the resource are "passed through" to a central authentication location (in the case of nt4, the PDC). the remote location "trusts" the central authentication location, and this is backed up by, and protected by, a protocol that uses a "trust account".

this process is well understood and pretty much fully implemented in the samba source code.

the "remote location" is a Windows NT Workstation as a member of a Domain.
the "central authentication location" is a Windows NT-compatible PDC.
the "process" is the NETLOGON DCE/RPC api.
the "trust account" is a Workstation Trust Account that is stored in the SAM database.
the "third party" is any SMB client.

luke
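The pass-through arrangement described in the message above, modelled as an added Python example (not Samba's code and not the real NETLOGON or NTLM wire formats): the workstation holds only its own trust-account secret, the DC holds the user verifiers, and an HMAC over each forwarded request stands in for the trust-account-protected channel. All account names, secrets and the verifier format are constructed assumptions.

```python
# Toy model of NT-style pass-through authentication (added example, not Samba code).
# The HMAC over each request stands in for the NETLOGON secure channel; names and secrets are constructed.
import hashlib
import hmac
import os

def pw_hash(password: str) -> bytes:
    # Stand-in for a stored password verifier (not the real NT hash format).
    return hashlib.sha256(password.encode()).digest()

class DomainController:  # the "central authentication location" (PDC)
    def __init__(self):
        self.users = {}           # username -> verifier (the SAM's user entries)
        self.trust_accounts = {}  # workstation name -> trust-account secret

    def netlogon_sam_logon(self, ws_name: str, request: bytes, mac: bytes) -> bool:
        # Only a joined workstation (valid trust account) may ask, and the user's
        # challenge/response is checked here, so the verifier never leaves the DC.
        secret = self.trust_accounts.get(ws_name)
        if secret is None or not hmac.compare_digest(
                hmac.new(secret, request, hashlib.sha256).digest(), mac):
            return False
        user, chal_hex, resp_hex = request.decode().split("|")
        verifier = self.users.get(user)
        if verifier is None:
            return False
        expected = hmac.new(verifier, bytes.fromhex(chal_hex), hashlib.sha256).digest()
        return hmac.compare_digest(expected, bytes.fromhex(resp_hex))

class Workstation:  # the "remote location": a domain member with no user verifiers
    def __init__(self, name: str, secret: bytes, dc: DomainController):
        self.name, self.secret, self.dc = name, secret, dc

    def smb_session_setup(self, user: str, challenge: bytes, response: bytes) -> bool:
        request = f"{user}|{challenge.hex()}|{response.hex()}".encode()
        mac = hmac.new(self.secret, request, hashlib.sha256).digest()  # secure-channel MAC
        return self.dc.netlogon_sam_logon(self.name, request, mac)

def client_response(password: str, challenge: bytes) -> bytes:
    # The "third party" (SMB client) proves the password without sending it.
    return hmac.new(pw_hash(password), challenge, hashlib.sha256).digest()

def logon_attempt(password: str, joined: bool = True) -> bool:
    dc = DomainController()
    dc.users["alice"] = pw_hash("correct horse")  # constructed account
    ws_secret, chal = os.urandom(32), os.urandom(16)
    if joined:
        dc.trust_accounts["WS1"] = ws_secret
    ws = Workstation("WS1", ws_secret, dc)
    return ws.smb_session_setup("alice", chal, client_response(password, chal))
```

`logon_attempt` shows the two failure modes the trust model is meant to catch: a wrong password is rejected by the DC, and a workstation with no trust account cannot get the DC to answer at all.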