method to do this and I'd have to implement this myself if I want it.

Would the following work? Add a parameter to smb.conf listing the domains to be trusted and have smbd read them in. Then, with security = user, after failing to authenticate a request locally, check for 'allow trusted domains = yes' (fail if no) and pass the request to each domain in the list until it is accepted. The code for making the request probably exists in 'security = domain' or 'security = server'. Fail the request if the list is exhausted without a positive response.

Question: Is the intended domain included in the request? If so, the design needs a bit more work.

Question: How to prevent circular trust relations from causing a vicious cycle? Keep a list of outstanding forwarded requests and postpone action on duplicates until the original request times out? How long a time-out?

Question: Is there a negative response that means 'user disabled' and what should be done if it is received? I can see that failing such requests immediately would be the right thing to do in some cases and ignoring them would be the right thing to do in others, but how to tell them apart?

mtew@cds.duke.edu
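An added sketch of the fallback order and the outstanding-request check proposed in the message above; it is not part of the original post and not Samba code. The function names, the `ask_domain_fn` callback and the LOOP/ENG peers are hypothetical, and a duplicate is refused outright rather than postponed until a time-out.

```c
#include <stdio.h>
#include <string.h>
#define MAX_PENDING 8
enum { AUTH_LOCAL = 0, AUTH_FAILED = -1, AUTH_DUPLICATE = -2 };

/* Hypothetical callback standing in for the existing domain-logon code:
   returns nonzero if the named domain accepts the user. */
typedef int (*ask_domain_fn)(const char *domain, const char *user);
/* Users with a forwarded request still outstanding; "" marks a free slot. */
static char pending[MAX_PENDING][32];

/* Returns AUTH_LOCAL, the 1-based index of the accepting domain,
   AUTH_FAILED, or AUTH_DUPLICATE when the same request is already in flight. */
int auth_with_fallback(const char *user, int local_ok, int allow_trusted,
                       const char *const *domains, int n, ask_domain_fn ask) {
    int slot = -1, result = AUTH_FAILED;
    if (local_ok) return AUTH_LOCAL;
    if (!allow_trusted || !user[0] || strlen(user) >= sizeof pending[0])
        return AUTH_FAILED;
    for (int i = 0; i < MAX_PENDING; i++) {
        if (strcmp(pending[i], user) == 0) return AUTH_DUPLICATE; /* trust loop */
        if (!pending[i][0] && slot < 0) slot = i;
    }
    if (slot < 0) return AUTH_FAILED;            /* table full: fail closed */
    strcpy(pending[slot], user);
    for (int i = 0; i < n && result == AUTH_FAILED; i++)
        if (ask(domains[i], user)) result = i + 1;
    pending[slot][0] = '\0';                     /* request no longer outstanding */
    return result;
}

/* Constructed peers: "LOOP" trusts us back and re-submits; "ENG" knows alice. */
static const char *const demo_domains[] = { "LOOP", "ENG" };
static int loop_seen;                            /* what the looping peer got back */

static int demo_ask(const char *domain, const char *user) {
    if (strcmp(domain, "LOOP") == 0) {
        loop_seen = auth_with_fallback(user, 0, 1, demo_domains, 2, demo_ask);
        return loop_seen > 0;
    }
    return strcmp(domain, "ENG") == 0 && strcmp(user, "alice") == 0;
}

int main(void) {
    printf("alice -> %d\n", auth_with_fallback("alice", 0, 1, demo_domains, 2, demo_ask));
    printf("loop saw %d\n", loop_seen);
    printf("bob   -> %d\n", auth_with_fallback("bob", 0, 1, demo_domains, 2, demo_ask));
    return 0;
}
```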