Single Sign-On: Winbindd
- Modern UNIX systems (and Linux) use a "name service switch" to look up accounts and groups.
- Configurable via /etc/nsswitch.conf, this allows any backend account database to be used to provide user and group lists and IDs.
- Windows theoretically has a similar client-side API, the LSA API, but this has never been documented by Microsoft (this is what people mean when they talk about hidden APIs :-).
- winbindd is a daemon that uses the trust account with a PDC/ADS to convert user/group names into SIDs and dynamically map them to UNIX user and group IDs.
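
An added example (not from the original slides): a small Python check that reads nsswitch.conf text and reports, for the passwd and group databases, whether winbind is consulted and whether local files are looked up first. The sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample /etc/nsswitch.conf contents (not taken from the slides).
SAMPLE = """\
# /etc/nsswitch.conf
passwd:  files winbind
group:   files [NOTFOUND=continue] winbind
shadow:  files
hosts:   files dns
"""


def parse_nsswitch(text):
    """Return {database: [source, ...]} in lookup order.

    Sources are consulted left to right; [STATUS=action] items are dropped.
    """
    order = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments
        if not line or ":" not in line:
            continue
        db, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # remove action specifiers
        order[db.strip()] = rest.split()
    return order


def winbind_report(text, databases=("passwd", "group")):
    """Say, per database, whether winbind is used and whether files come first."""
    order = parse_nsswitch(text)
    report = {}
    for db in databases:
        sources = order.get(db, [])
        if "winbind" not in sources:
            report[db] = "winbind not consulted"
        elif "files" in sources and sources.index("files") < sources.index("winbind"):
            report[db] = "files first, then winbind"
        else:
            report[db] = "winbind consulted before or without files"
    return report


if __name__ == "__main__":
    for db, status in winbind_report(SAMPLE).items():
        print(f"{db}: {status}")
```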