design for storing trusted domain passwords in ldap

simo idra at
Wed Jan 17 19:00:34 GMT 2007

On Wed, 2007-01-17 at 12:30 -0600, Gerald (Jerry) Carter wrote:
> Hash: SHA1
> simo wrote:
> > I am not saying I want to force 2 way trusts, just 
> > that it seem natural to use the same object for both. It is
> > easy to keep the two way separate by just clearing
> > the password of the way that is not set.
> So you are ok with now requiring a Unix account for one
> end of the trust which previously did not need it?

I don't see why we would need to.
The unix account will be required only if we go the other way around.

> These are just two different things to me.  Always have
> been.  We don't store the machine trust account when
> configured as a domain member in the local SAM.

Right, but that's a sort of special case.

however I am fine either way, just thought that keeping related things
together make sense. But if you think that mating them now is too
difficult then we can proceed and have different objects.


Simo Sorce
Samba Team GPL Compliance Officer
email: idra at

More information about the samba-technical mailing list