Compounding this is the fact that many sites want to develop their software for both Unix and Windows NT simultaneously. This means that the security of the repository needs to be guaranteed to be handled in the same way by both operating systems, otherwise one can act as a “back door” into the repository. Many sites do not have the same users and permissions (sourced from the same network register of users) on both Unix and Windows NT, making the mapping almost impossible even if the security models did actually correspond.
Most sites using Aegis and Windows NT together do so by running Aegis on the Unix systems, but building and testing on the NT systems. The work areas and repository are accessed via Samba or NFS.
If you have expertise in this area, and can offer a solution please let me know. This is an open source project, code is always welcome.
This approach as two problems:
1. the example prompts the user for a password. This is not acceptable, because they aren't supposed to know it! I hope there is another way.
2. It says "An important restriction is that the application using LogonUser must have special permissions: Act as part of the operating system, Replace process level token, Increase quotas" but it doesn't say how you grant these permissions specifically to an application without granting them to a user. (This is precisely what the UNIX set-uid bit does.) As far as I know, this is impossible on Windows NT.
If you have the necessary expertise to make this work I would like to header from you.
You may have to integrate changes on the file server itself.
|The beautiful graphics on this web site are by Grégory Delattre.||Return to the Aegis home page.|