  Re: Stupid question of the week  
From: Orchid XP v8
Date: 12 May 2009 17:05:15
Message: <4a09e48b$1@news.povray.org>
Darren New wrote:

> For example, when I can unplug a USB drive off one Unix system and plug 
> it into a different one and Fred (uid 1002) can't get to Jane's files 
> (also uid 1002) on the USB drive, I'll be pleasantly surprised. Is there 
> anything already in Linux or whatever to make that work?

Windows does this by assigning to every PC and every domain a large 
random number which is hopefully "unique". Every user account created on 
a specific PC has that PC's number as part of the account number. 
Similarly, every domain user account has the domain number as part of 
the account number.

If, by some freak of nature, two machines had the same ID, you could 
indeed do weird stuff like what you're suggesting. It's just rather 
unlikely. (Cloning a hard drive image and forgetting to randomise the ID 
afterwards is about the only way...)

> Does the Linux equivalent of "active directory" (which was Kerberos last 
> I looked) interact with the local file system well?

Last I checked, Active Directory uses the (pre-existing) Kerberos 
network protocol for authentication.

As I understand it, Kerberos defines the wire protocol for how an 
arbitrary client connects to an arbitrary server and authenticates 
itself. What kind of security model you build using this is completely 
up to you.

In the case of MS, they built the domain model. [Or, more exactly, took 
their existing domain model and replaced the horribly broken LANMAN 
subsystem with Kerberos.]

Kerberos says nothing about what happens on the local machine. The MS 
domain security model does.

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
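
Added example, not part of the original post: the account numbers described above are Windows SIDs, and this sketch decodes the binary SID layout and splits an account SID into the issuing machine/domain identifier and the per-account number (RID), to show why the same RID on two machines is a different principal and why a cloned image collides. The identifier values, the RID 1002 (borrowed from the quoted question) and the helper names are constructed for illustration.

```python
import struct

def parse_sid(raw: bytes) -> str:
    """Decode a binary SID into its S-R-A-S1-S2-... string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def build_sid(authority: int, subs) -> bytes:
    """Inverse of parse_sid; used here only to construct sample input."""
    return (bytes([1, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def split_account_sid(sid: str):
    """Return (issuer, rid) for a machine/domain account SID: S-1-5-21-a-b-c-RID."""
    parts = sid.split("-")
    if parts[:4] != ["S", "1", "5", "21"] or len(parts) != 8:
        raise ValueError("not a machine/domain account SID")
    return "-".join(parts[:7]), int(parts[7])

def same_principal(sid_a: str, sid_b: str) -> bool:
    """Accounts match only if both the issuer identifier and the RID match."""
    return split_account_sid(sid_a) == split_account_sid(sid_b)

# Constructed sample values: two machines with different random identifiers,
# plus a clone of the first whose identifier was never regenerated.
PC_A = (21, 1111111111, 2222222222, 3333333333)
PC_B = (21, 4000000001, 123456789, 987654321)
fred = parse_sid(build_sid(5, PC_A + (1002,)))
jane = parse_sid(build_sid(5, PC_B + (1002,)))
clone_user = parse_sid(build_sid(5, PC_A + (1002,)))

if __name__ == "__main__":
    print(fred, jane, sep="\n")
    print("fred == jane:", same_principal(fred, jane))          # different issuer
    print("fred == clone:", same_principal(fred, clone_user))   # cloned identifier
```
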



Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.