On Fri, Aug 17, 2007 at 03:39:33AM +0200, Timur I. Bakeyev wrote: > BUGS > The getgrouplist() function uses the routines based on getgrent(3). If > the invoking program uses any of these routines, the group structure will > be overwritten in the call to getgrouplist().
If getgrouplist really finds group members by doing the setgrent/getgrent/endgrent thing, then you're screwed. You just can't use FreeBSD as a member of large domains. I've seen a domain where "domain users" has more than 100.000 users, and doing getgrent on that one takes ages. This domain has other huge groups. > Another function, getgroups(2), seems, doesn't have such a comment in > the man page, but I can't really imagine, where else it can get user > group list information. getgroups(2) at least under Linux that fetches the group list from the kernel. Someone must have put them there with setgroups(2) first, so this is no help. > I thought, that Linux has similar approach, but from your question it > seems it's not. Can you give more details, please? Linux has an nss extension called initgroups that exactly asks the right question: "What are the groups for this user?". It does not delegate this to the login application which just would have to fall back to getgrent. Volker
pgpQbHGM9A9m4.pgp
Description: PGP signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba