SYSKEY2. Request For Comments

Cole, Timothy D. timothy_d_cole at md.northgrum.com
Fri Feb 4 18:32:48 GMT 2000


> -----Original Message-----
> From:	Luke Kenneth Casson Leighton [SMTP:lkcl at samba.org]
> Sent:	Friday, February 04, 2000 13:14
> To:	Multiple recipients of list SAMBA-NTDOM
> Subject:	Re: SYSKEY2. Request For Comments
> 
> On Fri, 4 Feb 2000 jeremy at valinux.com wrote:
> 
> > > 
> > > On Sat, 5 Feb 2000, Nicolas Williams wrote:
> > > 
> > > > It's not a bad thing, but it's also not any more secure than the
> > > > shadow idea.
> > > 
> > > it's _as_ secure.  that's good enough for me.
> > > 
> > > for the record, i'm taking in ideas at the moment, not
> implementations,
> > > design brain-storming only, please.
> > > 
> > 
> > But it's only *as* secure, plus 3000 lines of extra
> > crypto code. What's the point ?
> 
> estimated 200, not 3000.  it avoids me having to lock two databases when
> one will do.
> 
	Do the costs of having to lock two databases outweigh those of
writing 200 LOC of code?

	Personally, the approach I would tend to take would be to write a
small wraper API for tdb that allows you to treat multiple "physical"
databases as a single "logical" database.  If you factor out the added
complexity in one place, I'd be suprised if it was 200 LOC. (no, I'm not
volunteering to write another library; I've got my hands full already :P)



More information about the samba-ntdom mailing list