[Samba] 'Scripted' machine account renewal?!

Marco Gaiarin gaio at lilliput.linux.it
Mon Feb 26 21:54:10 UTC 2024


Hello! Kees van Vloten via samba
  On that day it was said...

>> For the sake of simplicity I'm thinking of using the machine account (-P).
> There is "net changetrustpw" to do this.

OK, I've missed that. Thanks.


> If you just have a service that does LDAP queries, I would create an
> ordinary user account for it (and start its name e.g. with "svc_").

This is my first option, I was only speculating...


> With this you decide easily how to manage the password. Or if you use 
> kerberos for this account, you can set the password with samba-tool to a 
> random very long value and use a SPN and keytab for authentication, no 
> hassle with passwords at all...

Interesting... I supposed that Kerberos tickets still have to be 'upgraded',
so... is there really a way to generate a 'permanent' Kerberos ticket?

Some info on how to do this? Thanks.

-- 
  In love you need luck, but a nice ass doesn't hurt either.
							(Fabio Fazio)




