svn commit: samba r2839 - in trunk/source/passdb: .
abartlet at samba.org
Mon Oct 11 10:46:27 GMT 2004
On Mon, 2004-10-11 at 18:46, Simo Sorce wrote:
> On Sun, 2004-10-10 at 21:12, Rafal Szczesniak wrote:
> > On Sun, Oct 10, 2004 at 08:50:04AM +1000, Andrew Bartlett wrote:
> > > On Sun, 2004-10-10 at 03:25, Rafal Szczesniak wrote:
> > > > On Fri, Oct 08, 2004 at 07:31:40AM +1000, Andrew Bartlett wrote:
> > >
> > > > > The only thing I'm worried about is:
> > > > > - Where do a PDC and BDCs store their trust account passwords, for
> > > > > their own domain? We don't want them to clash in LDAP...
> > > >
> > > > Well, we could also put them under proper LDAP objects, just like it
> > > > happens in case of security = domain. This code isn't yet ready to be
> > > > merged into samba3, so anything is possible.
> > >
> > > My preference is for these just to be in a local TDB, as we don't have a
> > > 'local domain' to put them in (unlike the workstation/member server
> > > case).
> > Interesting idea. But this would apply only to LDAP backend. You're
> > thinking about the same in case of TDB backend ?
> For TDB backend you just need to define a different key if it is at all
> needed ...
> I would rather add a new domain in ldap as we do with the first one,
> maybe something called BUILTIN or local.
As this is a non-replication case, lets use KISS (Keep It Simple...),
and just put it in a normal, boring secrets TDB key for all the
PDC/BDC->own domain cases.
No use defining domains in LDAP and the like, as this information is not
interesting (and potentially confusing) to other hosts.
Andrew Bartlett abartlet at samba.org
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20041011/959adaca/attachment.bin
More information about the samba-technical