Re: Newbie - user authentication failing.
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: Newbie - user authentication failing.
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: Vinay Kalkoti <kalkoti.vinay [at] gmail.com>
- Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Newbie - user authentication failing.
- Date: Sun, 13 Feb 2011 21:54:39 +0100
On Sat, 2011-02-12 at 01:53 +0530, Vinay Kalkoti wrote:
> I am comfortable with "C" programming. I can tweak the code to
> populate the uidNumber by creating a hash of "uid" so that it gives me
> a unique number for each user account. But, I would need pointers on
> what code to tweak.
The code that implements this is in nslcd/passwd.c. At the end of the
file the handler function bodies are mostly generated by macro's but to
implement this I guess you need to modify
write_passwd()
to return proper numeric values based on whatever method you implement
and
mkfilter_passwd_byuid()
to perform the correct search to handle a lookup for a user by it's
numeric userid.
Since this feature was requested a couple of times already, I would
really appreciate it if you could provide your implementation when it's
finished. It doesn't need to be polished but it would be nice to have a
starting point.
If this has to be solved correctly the hash function should not produce
collisions (or as few as reasonably possible) and be reversible (for the
numeric to name lookups).
Assuming user names are 3 to 8 characters, and only consist of
lower-case letters you have about 2.2*10^11 possible usernames. You may
be able to bring that down by using smart compression (not all letters
have the same frequency) but I don't think it's easy to bring it down to
about 5.8*10^4 [0] without a lot of effort.
Another option would be to use some value that can be found in AD (the
SID?) to use as a basis for the numeric uid.
[0] This is the uid range (1000-59999) that is allocated in Debian for
normal user accounts.
--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users