[PATCH] ADS changes for joining accounts w/o full Administrator rights

Andrew Bartlett abartlet at samba.org
Sun Feb 16 09:44:19 GMT 2003 

On Wed, 2003-02-12 at 22:16, Antti Andreimann wrote:
> Ühel kenal päeval (kolmapäev, 12. veebruar 2003 00:16) kirjutas Andrew 
> Bartlett:
> > I think we need to do a few things here:
> >  - We should record the principal name we joined with, and only ever
> > send that to our clients.
> 
> That's a good idea. I'll look into it hopefully sometime during this week.
> 
> > should add a typedef from krb5_error to somthing harmless, or better
> > still look into our ADS_ERROR stuff (partly created for exactly this
> > kind of thing).  Returning an ADS_ERROR would probably be the best
> > solution here.
> 
> Nope, that's not possible. The function is passed to 
> krb5_get_init_creds_password as a pointer to function and the prototype is 
> therefore dictated by kerberos libs. This could be overriden by some clever 
> use of typecasts but this would be an ugly hack in my opinion.
> 
> > Well, I don't think this is sufficient reason not to do this properly.
> > Duplicated code *will* break as two slightly different versions emerge.
> 
> Well I do agree. Now that I have an official permission to hack the build 
> system I'll happily do it ;)
> However a thought came to me last night that maybe this function is not needed 
> after all. It's there as a workaround to a bug/feature (go figure ;) in 
> kerberos libs but I think I know an easier way to solve it. I just have to 
> test if it works.

BTW, I've applied your patch, minus the session-setup changes, and with
only one copy of the kinit function.

Thankyou very much for the patch!

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030216/b3296fbf/attachment.bin

More information about the samba-technical mailing list