[PATCH] Some ADS fixes + pam_limits problem workaround

Antti Andreimann Antti.Andreimann at mail.ee
Wed Jul 23 22:39:32 GMT 2003

Andrew Bartlett wrote:

> This patch has nasty performance implications.  A better way to work
> would be to save the full principal name when we join.  Even better

I agree. Can You tell me how it should stored in tdb? Does tdb have a
capability to store more than one easily distinguishable data block with a
key or should I implement it as something like this:
1. Store the principial name instead of secret in TDB when using ADS.
2. Store the actual secret using the principial as the key to TDB.

Or as a third option I could store the principial and the secret in tdb
using some sexy "special" format, eg.:
principial<some special byte>secret.

If You could give me some advice on this I'd be grateful.

PS! I got a brand new W2K box today (the old one just died on me) so
hopefully I can get my little hands dirty by digging into the "demotion"
problem once again (too bad I lost the dumps I did about a month ago).

         Antti Andreimann
      Using Linux since 1993
  Member of ELUG since 29.01.2000

More information about the samba-technical mailing list