[PATCH] spnego SPN fix when contacting trusted domains
Steven Danneman
steven.danneman at isilon.com
Mon May 12 23:50:42 GMT 2008
>
> 0001-Use-machine....
> I think the change to secrets.c may break winbindd running
> on a PDC. The change to winbindd_cm.c is ok since we only
> do krb5 logins on a domain member server anyways.
Jerry,
I've looked into this a little more today. My initial impression is
that there are two situations where we need to acquire credentials to
access a trusted domain:
1) Samba is a PDC, and is using the trust account and password
established when the trust relationship was created.
2) Samba is a member server and is using its machine account and machine
password, first to kinit to its PDC, then to connect directly to the
trusted PDC.
I believe both of these cases are covered by patch 0001. Is there
another scenario that I'm missing?
-Steven
More information about the samba-technical
mailing list