design for storing trusted domain passwords in ldap
simo
idra at samba.org
Wed Jan 17 17:59:32 GMT 2007
On Wed, 2007-01-17 at 11:57 -0600, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> simo wrote:
> > On Wed, 2007-01-17 at 17:28 +0100, Volker Lendecke wrote:
> >> On Wed, Jan 17, 2007 at 02:51:06PM +0100, Michael Adam wrote:
> >>> Attached, find a patch with these changes to the schema file.
> >>>
> >>> Are there any opinions about this?
> >> As told face-to-face, I'd say this looks sane.
> >>
> >> Jerry, Simo?
> >
> > Except for the Description of 'sambaTrustedDomainName' which have 'the'
> > and 'own' reversed it seem ok to me.
> >
> > I have a question.
> > This object will hold just one way of the trust.
> > I seem it would make sense to have it so that both ways of the trust are
> > held in the same object.
> > But it is obviously not in this proposal, is there a reason for that?
>
> The other direction is stored as a sambaSamAccount object
> (e.g. DOMAIN$) in the passdb.
I know, what I am asking is why don't we add the trust password to that
object instead of defining a separate one?
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org
More information about the samba-technical
mailing list