--=-zwGu9q0+xcgh2h9vwtuZ
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Thu, 2004-09-16 at 17:11, Henrik Nordstrom wrote:
> On Thu, 16 Sep 2004, Andrew Bartlett wrote:
>=20
> > My suggestion is that we would return SIDs only, and that you would
> > convert the names that you store for ACLs into SIDs, for comparison.
> > (The reason we would only return the SIDs is to avoid the extra network
> > cost.)

>=20
> Doesn't winbind cache these SID->Name lookups, thereby already avoiding=20
> the cost in most cases?


They are, but I'm a cache skeptic (despite my love for squid ;-). I've
been designing this code to avoid needing to make any extra queries at
all - that way, we don't add network load, even in the worst cases.

However, more importantly what we have found is that the extra network
calls can sometimes block in nasty ways - which with a single-threaded
winbindd bites us badly...

Andrew Bartlett

--=-zwGu9q0+xcgh2h9vwtuZ
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQBBSZNfw6AkmCjZ77cRAnBRAJ4in8eOExJ1Onxurv5Z4N Dcc94EfwCfaUPZ
FrxZ0mdcloWVGZi2HeU4+MU=
=G8GQ
-----END PGP SIGNATURE-----

--=-zwGu9q0+xcgh2h9vwtuZ--