password API needed

Jean-Francois Micouleau Jean-Francois.Micouleau at
Fri May 8 12:03:13 GMT 1998

On Fri, 8 May 1998, Luke Kenneth Casson Leighton wrote:

> in your ldap code, you make the distinction between a "machine" account
> and a "user" account.  can you remove this distinction?  machine acounts
> _are_ user accounts, and "machine" accounts is a misleading name: they are
> actually a subset of trust accounts.  therefore, can we refer to them as
> "trust" accounts from now? 

I know you don't want to make a distinction between users and machines. I
still don't like it. You make a distinction between aspirin and laxative
even if they are both medecine and you store them in the same place.

> the uint16 acct_ctrl member, when the ACB_WKSTRUST bit is set, correctly
> and uniquely identifies the account as a workstation trust account. 

That's faster to look at only users or trust accounts in ldap and that's
the same for SQL for example.

> there just happens to be an additional (redundant but "visual-in-text") 
> method to identify a trust account: it ends with $. 

BTW having two distinct object classes is more 'NT5 compliant' in an LDAP
point of view.

Pinky: "What are we going to do tonight, Brain?"
Brain: "The same thing we do every night, Pinky :
	try to install Windows NT !"

More information about the samba-technical mailing list