[PATCH] ADS changes for joining accounts w/o full Administrator
Antti.Andreimann at mail.ee
Wed Feb 12 11:16:57 GMT 2003
Ühel kenal päeval (kolmapäev, 12. veebruar 2003 00:16) kirjutas Andrew
> I think we need to do a few things here:
> - We should record the principal name we joined with, and only ever
> send that to our clients.
That's a good idea. I'll look into it hopefully sometime during this week.
> should add a typedef from krb5_error to somthing harmless, or better
> still look into our ADS_ERROR stuff (partly created for exactly this
> kind of thing). Returning an ADS_ERROR would probably be the best
> solution here.
Nope, that's not possible. The function is passed to
krb5_get_init_creds_password as a pointer to function and the prototype is
therefore dictated by kerberos libs. This could be overriden by some clever
use of typecasts but this would be an ugly hack in my opinion.
> Well, I don't think this is sufficient reason not to do this properly.
> Duplicated code *will* break as two slightly different versions emerge.
Well I do agree. Now that I have an official permission to hack the build
system I'll happily do it ;)
However a thought came to me last night that maybe this function is not needed
after all. It's there as a workaround to a bug/feature (go figure ;) in
kerberos libs but I think I know an easier way to solve it. I just have to
test if it works.
Using Linux since 1993
Member of ELUG since 29.01.2000
More information about the samba-technical