Re: Winbind - functionality extension needed

> No.   nscd also solves the problem of calling into nss_ldap
> in the user context (i.e. permissions on the system keytab).
>
>  
Wow! You are right. BUT: nscd runs under "nscd" user account (not
speaking about the SELinux policy) so even nss_ldap would be called in
"nscd" user context. And besides, nss_ldap can not directly use the
system Kerberos keytab file. So nscd does not help me either.
> I'm just offering suggestions.  Having winbindd deal with
> other NIS maps seems a bit out of mainstream IMO.  But it's not
> really my call.
>  
I agree, having nss_ldapd would be the best solution, indeed.
Ondrej