CVS update: samba/source/utils
mimir at samba.org
Fri Feb 27 23:43:59 GMT 2004
On Sat, Feb 28, 2004 at 10:26:50AM +1100, Andrew Bartlett wrote:
> On Sat, 2004-02-28 at 08:02, mimir at samba.org wrote:
> > Date: Fri Feb 27 21:02:00 2004
> > Author: mimir
> > Update of /home/cvs/samba/source/utils
> > In directory dp.samba.org:/tmp/cvs-serv4335/utils
> > Modified Files:
> > pdbedit.c
> > Log Message:
> > Adding ability to operate on trust passwords to pdbedit. This enables
> > new functionality and testing interface for new pdb functions.
> > Also, quite a bit of objects is being added to pdbedit in order to make
> > it able to find domain sid automatically (if not given explicitly).
> > If such amount of "wisdom" is not required to be in pdbedit, I'll move
> > it to 'net' which will have this new functionality, anyway.
> Please do not make 'pdbedit' call out to cli* functions. For one, then
> you need to start adding all the authentication stuff. If we want to
> manipulate domain trusts, that's fine - but it should be an offline
> activity at least as far as CIFS is concerned. 'net' is the place for
> online activity.
Yes, that was my concern, too. As I wrote, this automatic sid checking
is to be moved to 'net', so no need to be worried. This was mostly testing
new pdb function and I consider HEAD as proper place to work on completely
> If we are adding a new trust, I would really like to see 'net rpc join'
> generalised, so that we can 'net rpc join TRUSTDOM', and just mark the
> stored secret/joined account as such.
Surely. The new functions will be put in 'net rpc join' and 'net rpc establish'
in place of secrets_store_* stuff.
> If we must add a trusted domain with a password (like NT4 does), then
> simply modify code that might read that SID to behave the same way NT4
> does - have a 'verify' codepath, and a 'we just don't have the SID yet'
Clear. We've got the same ideas about that :)
Samba Team member http://www.samba.org
More information about the samba-technical