[PATCH] Some ADS fixes + pam_limits problem workaround

Andrew Bartlett abartlet at samba.org
Sat Jul 26 23:36:57 GMT 2003


On Thu, 2003-07-24 at 08:39, Antti Andreimann wrote:
> Andrew Bartlett wrote:
> 
> > This patch has nasty performance implications.  A better way to work
> > would be to save the full principal name when we join.  Even better
> 
> I agree. Can You tell me how it should stored in tdb? Does tdb have a
> capability to store more than one easily distinguishable data block with a
> key or should I implement it as something like this:
> 1. Store the principial name instead of secret in TDB when using ADS.
> 2. Store the actual secret using the principial as the key to TDB.
> 
> Or as a third option I could store the principial and the secret in tdb
> using some sexy "special" format, eg.:
> principial<some special byte>secret.
> 
> If You could give me some advice on this I'd be grateful.

Just read passdb/secrets.c - you should be able to follow it from
there.  While you are at it, store the 'account name' that we join
(which should be part of the principal name, for ADS).

Also, always CC me if you want me to read your replies :-)

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030726/2eddf6c6/attachment.bin


More information about the samba-technical mailing list