WBFLAG_PAM_CONTACT_TRUSTDOM ???

Volker Lendecke Volker.Lendecke at SerNet.DE
Fri Sep 8 10:15:23 GMT 2006


Hi, Jerry!

Günther yesterday notified me about lines 226ff in
winbindd_pam.c:

        if (state->request.flags & WBFLAG_PAM_CONTACT_TRUSTDOM) {
                domain = find_domain_from_name_noinit(domain_name);
                if (domain == NULL) {
                        DEBUG(3, ("Authentication for domain [%s] skipped "
                                  "as it is not a trusted domain\n",
                                  domain_name));
                } else {
                        return domain;
                }
        }

I had already removed this once, because for NTLM this is broken.
It does make sense in case we do krb5 logon, but with NTLM
this just does not work, as for the trusted domain we don't
have a workstation password. In the NTLM case we _always_
have to contact our own domain.

It does work, but the child for the trusted domain has to
contact our own DC which I would consider a bug.

Is this what you intended with this patch?

Volker