Template Version: @(#)sac_nextcase 1.69 02/15/10 SMI This information is Copyright 2010 Sun Microsystems 1. Introduction 1.1. Project/Component Working Name: idmap: default unresolvable SID mapping to true 1.2. Name of Document Author/Supplier: Author: Jordan Brown 1.3 Date of This Document: 19 March, 2010 4. Technical Description
SUMMARY PSARC 2008/408 introduced config/unresolvable_sid_mapping, a SMF parameter to control treatment of SIDs that cannot be looked up, with a default of false. This case proposes to change the default to true. BACKGROUND Windows Security IDs (SIDs) fill the same role as UIDs and GIDs. Solaris supports them by dynamically mapping them to UNIX IDs using a variety of techniques, including dynamically allocated "ephemeral" IDs. In some cases, it may not be possible to look up a SID during the mapping process. The existing default behavior of idmap is to yield an error in such a case. The unresolvable_sid_mapping flag can be used to change this behavior so that idmap maps unresolvable SIDs to ephemeral IDs. The SunStorage 7000 series of storage appliances, the most visible and widely used platform for Solaris Windows interoperability, sets the unresolvable_sid_mapping flag to true. PROBLEM The same interoperability concerns that drove the SS7000 series to set this flag true apply equally to generic Solaris, and the difference in configuration between the two platforms can lead to confusion and requires duplicated testing. PROPOSAL Interpret a missing config/unresolvable_sid_mapping property as "true" instead of "false". The property remains undocumented, but available if necessary to force the old behavior. DELIVERY VEHICLE Solaris RELEASE Minor (as part of the ongoing OpenSolaris stream) COMMITMENT LEVEL The behavior - supporting unresolvable SIDs - is Committed. The mechanism - config/unresolvable_sid_mapping - is Project Private. REFERENCE DOCUMENTS PSARC 2008/408 6. Resources and Schedule 6.4. Steering Committee requested information 6.4.1. Consolidation C-team Name: ON 6.5. ARC review type: FastTrack 6.6. ARC Exposure: open