password API needed
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Fri May 8 14:00:04 GMT 1998
On Fri, 8 May 1998, Jean-Francois Micouleau wrote:
> On Fri, 8 May 1998, Luke Kenneth Casson Leighton wrote:
>
> > in your ldap code, you make the distinction between a "machine" account
> > and a "user" account. can you remove this distinction? machine acounts
> > _are_ user accounts, and "machine" accounts is a misleading name: they are
> > actually a subset of trust accounts. therefore, can we refer to them as
> > "trust" accounts from now?
>
> I know you don't want to make a distinction between users and machines.
there is no distinction, as far as NT 3.5 / 4.0 accounts are concerned: we
don't have to like it.
hm. thinks.
thinks some more.
ok, leave it as-is, but rename to "trust" account not "machine" account.
there's no such thing as a "machine" account.
> > the uint16 acct_ctrl member, when the ACB_WKSTRUST bit is set, correctly
> > and uniquely identifies the account as a workstation trust account.
>
> That's faster to look at only users or trust accounts in ldap and that's
> the same for SQL for example.
trust accounts should probably therefore be stored in a separate schema.
> > there just happens to be an additional (redundant but "visual-in-text")
> > method to identify a trust account: it ends with $.
>
> BTW having two distinct object classes is more 'NT5 compliant' in an LDAP
> point of view.
what does NT 5 do with respect to trust accounts?
More information about the samba-technical
mailing list