design for storing trusted domain passwords in ldap
idra at samba.org
Wed Jan 17 19:00:34 GMT 2007
On Wed, 2007-01-17 at 12:30 -0600, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> simo wrote:
> > I am not saying I want to force 2 way trusts, just
> > that it seem natural to use the same object for both. It is
> > easy to keep the two way separate by just clearing
> > the password of the way that is not set.
> So you are ok with now requiring a Unix account for one
> end of the trust which previously did not need it?
I don't see why we would need to.
The unix account will be required only if we go the other way around.
> These are just two different things to me. Always have
> been. We don't store the machine trust account when
> configured as a domain member in the local SAM.
Right, but that's a sort of special case.
however I am fine either way, just thought that keeping related things
together make sense. But if you think that mating them now is too
difficult then we can proceed and have different objects.
Samba Team GPL Compliance Officer
email: idra at samba.org
More information about the samba-technical