design for storing trusted domain passwords in ldap

simo idra at samba.org
Wed Jan 17 18:28:10 GMT 2007


On Wed, 2007-01-17 at 12:07 -0600, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> simo wrote:
> 
> > I know, what I am asking is why don't we add the trust 
> > password to that object instead of defining a separate one?
> 
> Conceptual integrity.  NT4 trusts are one-way things so
> you can never assume nor require that you have a two-way
> trust.

I am not saying I want to force 2 way trusts, just that it seem natural
to use the same object for both. It is easy to keep the two way separate
by just clearing the password of the way that is not set.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org



More information about the samba-technical mailing list