Template Version: @(#)sac_nextcase 1.69 02/15/10 SMI
This information is Copyright 2010 Sun Microsystems
1. Introduction
    1.1. Project/Component Working Name:
         idmap:  default unresolvable SID mapping to true
    1.2. Name of Document Author/Supplier:
         Author:  Jordan Brown
    1.3  Date of This Document:
        19 March, 2010
4. Technical Description

    SUMMARY

        PSARC 2008/408 introduced config/unresolvable_sid_mapping, a
        SMF parameter to control treatment of SIDs that cannot be
        looked up, with a default of false.  This case proposes to
        change the default to true.

    BACKGROUND

        Windows Security IDs (SIDs) fill the same role as UIDs and
        GIDs.  Solaris supports them by dynamically mapping them to
        UNIX IDs using a variety of techniques, including dynamically
        allocated "ephemeral" IDs.  In some cases, it may not be
        possible to look up a SID during the mapping process.  The
        existing default behavior of idmap is to yield an error in such
        a case.  The unresolvable_sid_mapping flag can be used to
        change this behavior so that idmap maps unresolvable SIDs to
        ephemeral IDs.

        The SunStorage 7000 series of storage appliances, the most
        visible and widely used platform for Solaris Windows
        interoperability, sets the unresolvable_sid_mapping flag to
        true.

    PROBLEM

        The same interoperability concerns that drove the SS7000 series
        to set this flag true apply equally to generic Solaris, and the
        difference in configuration between the two platforms can lead
        to confusion and requires duplicated testing.

    PROPOSAL

        Interpret a missing config/unresolvable_sid_mapping property as
        "true" instead of "false".  The property remains undocumented,
        but available if necessary to force the old behavior.

    DELIVERY VEHICLE

        Solaris

    RELEASE

        Minor (as part of the ongoing OpenSolaris stream)

    COMMITMENT LEVEL

        The behavior - supporting unresolvable SIDs - is Committed.
        The mechanism - config/unresolvable_sid_mapping - is Project Private.

    REFERENCE DOCUMENTS

        PSARC 2008/408

6. Resources and Schedule
    6.4. Steering Committee requested information
        6.4.1. Consolidation C-team Name:
                ON
    6.5. ARC review type: FastTrack
    6.6. ARC Exposure: open

Reply via email to