design for storing trusted domain passwords in ldap

Michael Adam ma at
Thu Jan 18 22:57:54 GMT 2007

Hi Andrew,

On Fri, Jan 19, 2007, Andrew Bartlett wrote:
> We should store the previous password, so we can bind to a DC in the
> remote domain, that is a little slow on the uptake.  (Yes, we also need
> logic to use the previous password, both in trusted domain and member
> server code).  

Do you think of storing the previous password (and maybe more
of the history) as an additional nt password attribute (or as 
a sambaPasswordHistory attribute) of the sambaTrustedDomainPassword
object or rather as an object of its own like sambaTrustedDomainLastPassword 
or even sambaTrustedDomainPasswordHistory?

> Hmm, perhaps we add to the schema when we actually have code to change
> trust passwords automatically, and use a fallback...

Michael Adam,  SerNet Service Network GmbH
phone: +49-551-370000-0,  fax: +49-551-370000-9

More information about the samba-technical mailing list