passdb lookups directly in winbindd? [was Re: winbind on PDC for trusted domains]

Andrew Bartlett abartlet at
Sun Jun 29 01:56:51 GMT 2003

On Sun, 2003-06-29 at 05:02, Gerald (Jerry) Carter wrote:
> Hash: SHA1
> On Sat, 28 Jun 2003, Gerald (Jerry) Carter wrote:
> > > We are already heading for this - winbind has a passdb backend already
> > > (not operational), and it is intended that winbind should provide these
> > > services for direct NT migrations.
> > > 
> > > (Ie, you suck down an NT PDC into passdb, and winbind handles the rest).
> > > 
> > > I agree that it seems to be feature creep - if we really do feel that
> > > way, then creating a seperate 'samba-authd' might be appropriate. 
> > > However, given the circumstances I think it's suitable.
> we really need WINBIND_PAM_CONTACT_TRUSTDOM as a flag for testing 
> whether we deal with trusted users.  I don't see any real value in being 
> able to set "allow trusted domains = no" on a per call basis.  Can you
> give me an example of when it would be useful?  Thanks.  Or even better, 
> add a comment in the code about it next time.

As I mentioned to vl on his patch, it serves no useful purpose and may
safely be removed.  The design it was intended to support has the same
deadlock problem we are trying to avoid here, and gained very little for
it's complexity.

Andrew Bartlett

Andrew Bartlett <abartlet at>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list