CVS update: samba/source/auth
Andrew Bartlett
abartlet at samba.org
Sun May 11 23:33:49 EST 2003
On Sun, 2003-05-11 at 23:20, vlendec at samba.org wrote:
>
> Date: Sun May 11 13:20:27 2003
> Author: vlendec
>
> Update of /data/cvs/samba/source/auth
> In directory dp.samba.org:/tmp/cvs-serv7639
>
> Modified Files:
> Tag: SAMBA_3_0
> auth_sam.c
> Log Message:
> When we have a NT4SP0 PDC trust us, we first have to check the
> password. On NT4, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT means
> the password was correct. So the PDC believed that he had his trust
> account correctly added. Later the auth2 naturally failed.
>
> BTW, setting up an interdom trust account is not what I would call
> well documented and easy to handle... Working on that now :-)
I switched that to match the win2k kerberos way of doing things, but at
my production site, I switched it back (because I needed 'must change at
first logon' to produce as useful an error message as possible).
I think this was the right thing to do, but should we give paranoid
admins the ability to disable an account without still revealing it's
password to brute-force attacks?
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-cvs/attachments/20030511/83ebc2c7/attachment.bin
More information about the samba-cvs
mailing list