[PATCH] ADS changes for joining accounts w/o full Administrator rights

Andrew Bartlett abartlet at samba.org
Sun Feb 16 09:44:19 GMT 2003

On Wed, 2003-02-12 at 22:16, Antti Andreimann wrote:
> On one fine day (Wednesday, 12 February 2003 00:16) Andrew
> Bartlett wrote:
> > I think we need to do a few things here:
> >  - We should record the principal name we joined with, and only ever
> > send that to our clients.
> That's a good idea. I'll look into it hopefully sometime during this week.
> > should add a typedef from krb5_error to something harmless, or better
> > still look into our ADS_ERROR stuff (partly created for exactly this
> > kind of thing).  Returning an ADS_ERROR would probably be the best
> > solution here.
> Nope, that's not possible. The function is passed to 
> krb5_get_init_creds_password as a pointer to function and the prototype is 
> therefore dictated by kerberos libs. This could be overridden by some clever 
> use of typecasts but this would be an ugly hack in my opinion.
> > Well, I don't think this is sufficient reason not to do this properly.
> > Duplicated code *will* break as two slightly different versions emerge.
> Well I do agree. Now that I have an official permission to hack the build 
> system I'll happily do it ;)
> However a thought came to me last night that maybe this function is not needed 
> after all. It's there as a workaround to a bug/feature (go figure ;) in 
> kerberos libs but I think I know an easier way to solve it. I just have to 
> test if it works.

BTW, I've applied your patch, minus the session-setup changes, and with
only one copy of the kinit function.

Thank you very much for the patch!

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net