why is the machine trust account password....

Andrew Bartlett abartlet at samba.org
Sat Dec 28 23:51:00 GMT 2002


On Fri, 2002-12-13 at 10:42, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Fri, 13 Dec 2002, Tim Potter wrote:
> 
> > > ....stored in clear text in secrets.tdb (HEAD) when I join an NT 4.0 
> > > domain?  It doesn't store the last change time either.
> > > Unless someone yells, I'm going to fix this.
> > 
> > Er, it's always been in clear text.  Or are you referring to the last
> > change time?  That's probably a bug.
> 
> I mean we store the password (not the hash).  We previously stored
> the hash right?

We need the cleartext because some of the Kerberos things don't use the
NT#, they use other hashing stuff (particularly for systems without the
latest - unreleased - MIT krb5).  Regarding the last change time - yes,
we need to clean up this mess - I was looking to store all domains (even
the local one) in some kind of common record format, that would try to
keep trusted domains using as much common code as possible. 

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net