-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Luke Kenneth Casson Leighton wrote:
| On Sun, Dec 12, 2004 at 01:07:52AM +0100, Jelmer Vernooij wrote:
|>|>In Samba4 you would do this:
|>|>
|>|> server services = rpc
|>|>
|>|>and this would make Samba only start the rpc server (so it would not
|>|>start the builtin smb or ldap servers). It will only be listening on
|>|>tcp ports 135 and 1024, plus any local rpc transports that are defined
|>|>(such as /var/ncalrpc/DEFAULT and /var/ncalrpc/EPMAPPER) and any fixed
|>|>ncacn_ip_tcp ports defined in the builtin IDL files.
|>|
|>I think what Tridge means is actually 'forwarding' the RPC data (for
|>which Samba4 already has support, e.g. you can redirect a complete pipe
|>to a remote server) instead of having a hack that bypasses the local
|>endpoint and talks to a local pipe.
| is it possible to convey the security context that has been established
| up until that point?
Not yet, currently the whole thing is root-accessible-only. We do
actually do auth over it, as does Windows (see
http://msdn.microsoft.com/library/de...ng_binding.asp).

| the purpose of the root-only-accessible ncalrpc transport is to provide
| communication optimisations *inside services running as root*.
Why? Windows uses them for regular users as well, otherwise there
wouldn't be much point in authentication
info passing...

What would the purpose of such a root-only-accessible ncalrpc-like
transport you propose be ?

| in other words, you don't want the headache of communicating
| between services over globally-accessible interfaces and
| having to prove authenticity once more, whether those interfaces be
| ncadg_ip_udp, ncacn_ip_tcp or ncacn_np or Other.
|
| and you _also_ need to add a "ncacn_ux" to the list of available
| transports just like there are ncacn_np etc listed above.
Already did that. Samba 4 currently supports ncacn_ip_tcp, ncacn_np,
ncacn_unix_stream and ncalrpc. For example, epmapper is available on:
ncacn_np:[\\pipe\\epmapper]", "ncacn_ip_tcp:[135]",
"ncalrpc:[EPMAPPER]", "ncacn_unix_stream:[/tmp/epmapper]

| it is vital that you do not confuse the roles of the two interfaces:
| they are mutually incompatible for the uses to which they are put.
Which interfaces are you referring to here - ncacn_unix_stream and
ncalrpc ?
What is their difference, other then that they are two different transports?

Cheers,

Jelmer

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBvHAnPa9Uoh7vUnYRAqoEAKCS60WiF7XmDHFcwnYxXk BBgOs3cwCeMzvY
W6JXBllDouLdjvCmJakZ27A=
=M9w+
-----END PGP SIGNATURE-----