svn commit: samba r2839 - in trunk/source/passdb: .
Andrew Bartlett
abartlet at samba.org
Mon Oct 11 10:46:27 GMT 2004
On Mon, 2004-10-11 at 18:46, Simo Sorce wrote:
> On Sun, 2004-10-10 at 21:12, Rafal Szczesniak wrote:
> > On Sun, Oct 10, 2004 at 08:50:04AM +1000, Andrew Bartlett wrote:
> > > On Sun, 2004-10-10 at 03:25, Rafal Szczesniak wrote:
> > > > On Fri, Oct 08, 2004 at 07:31:40AM +1000, Andrew Bartlett wrote:
> > >
> > > > > The only thing I'm worried about is:
> > > > > - Where do a PDC and BDCs store their trust account passwords, for
> > > > > their own domain? We don't want them to clash in LDAP...
> > > >
> > > > Well, we could also put them under proper LDAP objects, just like it
> > > > happens in case of security = domain. This code isn't yet ready to be
> > > > merged into samba3, so anything is possible.
> > >
> > > My preference is for these just to be in a local TDB, as we don't have a
> > > 'local domain' to put them in (unlike the workstation/member server
> > > case).
> >
> > Interesting idea. But this would apply only to LDAP backend. You're
> > thinking about the same in case of TDB backend ?
>
> For TDB backend you just need to define a different key if it is at all
> needed ...
> I would rather add a new domain in ldap as we do with the first one,
> maybe something called BUILTIN or local.
As this is a non-replication case, lets use KISS (Keep It Simple...),
and just put it in a normal, boring secrets TDB key for all the
PDC/BDC->own domain cases.
No use defining domains in LDAP and the like, as this information is not
interesting (and potentially confusing) to other hosts.
Andrew Bartlett
--
Andrew Bartlett abartlet at samba.org
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20041011/959adaca/attachment.bin
More information about the samba-technical
mailing list