.\"
.\"	aegis - project change supervisor
.\"	Copyright (C) 2001-2004, 2006, 2008 Peter Miller
.\"
.\"	This program is free software; you can redistribute it and/or modify
.\"	it under the terms of the GNU General Public License as published by
.\"	the Free Software Foundation; either version 3 of the License, or
.\"	(at your option) any later version.
.\"
.\"	This program is distributed in the hope that it will be useful,
.\"	but WITHOUT ANY WARRANTY; without even the implied warranty of
.\"	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
.\"	GNU General Public License for more details.
.\"
.\"	You should have received a copy of the GNU General Public License
.\"	along with this program. If not, see
.\"	
 
 
Compounding this is the fact that many sites want to develop their software for both Unix and Windows NT simultaneously. This means that the security of the repository needs to be guaranteed to be handled in the same way by both operating systems, otherwise one can act as a “back door” into the repository. Many sites do not have the same users and permissions (sourced from the same network register of users) on both Unix and Windows NT, making the mapping almost impossible even if the security models did actually correspond.
Most sites using Aegis and Windows NT together do so by running Aegis on the Unix systems, but building and testing on the NT systems. The work areas and repository are accessed via Samba or NFS. .br
If you have expertise in this area, and can offer a solution please let me know. This is an open source project, code is always welcome. .br
This approach as two problems:
1. the example prompts the user for a password. This is not acceptable, because they aren't supposed to know it! I hope there is another way.
2. It says "An important restriction is that the application using LogonUser must have special permissions: Act as part of the operating system, Replace process level token, Increase quotas" but it doesn't say how you grant these permissions specifically to an application without granting them to a user. (This is precisely what the UNIX set-uid bit does.) As far as I know, this is impossible on Windows NT. .br
If you have the necessary expertise to make this work I would like to header from you. .br
You may have to integrate changes on the file server itself.