| Subject | Re: Firebird Security Authentication Configuration Questions |
|---|---|
| Author | |
| Post date | 2018-02-02T17:48:09Z |
Brief answer is "no" for both questions. But this does not mean that such task is impossible, just that nobody used to pay attention to it cause in theory I see no reasons why this can not be done.
Trusted authentication has 2 steps. First, client should pass to the server context of logged in user. Next server determines login name for that context. If we find in linux (not sure where should they be - in sambe? in pam?) calls performing same tasks compiling plugin for linux will not be a problem.
List of required API functions FYI is :
AcquireCredentialsHandle, DeleteSecurityContext, FreeCredentialsHandle, QueryContextAttributes,
FreeContextBuffer, InitializeSecurityContext, AcceptSecurityContext,
GetTokenInformation, AllocateAndInitializeSid, EqualSid, FreeSid
May be I missed one or two but suppose that's not critical for now.
Trusted authentication has 2 steps. First, client should pass to the server context of logged in user. Next server determines login name for that context. If we find in linux (not sure where should they be - in sambe? in pam?) calls performing same tasks compiling plugin for linux will not be a problem.
List of required API functions FYI is :
AcquireCredentialsHandle, DeleteSecurityContext, FreeCredentialsHandle, QueryContextAttributes,
FreeContextBuffer, InitializeSecurityContext, AcceptSecurityContext,
GetTokenInformation, AllocateAndInitializeSid, EqualSid, FreeSid
May be I missed one or two but suppose that's not critical for now.