design for storing trusted domain passwords in ldap
Michael Adam
ma at sernet.de
Thu Jan 18 22:57:54 GMT 2007
Hi Andrew,
On Fri, Jan 19, 2007, Andrew Bartlett wrote:
>
> We should store the previous password, so we can bind to a DC in the
> remote domain, that is a little slow on the uptake. (Yes, we also need
> logic to use the previous password, both in trusted domain and member
> server code).
Do you think of storing the previous password (and maybe more
of the history) as an additional nt password attribute (or as
a sambaPasswordHistory attribute) of the sambaTrustedDomainPassword
object or rather as an object of its own like sambaTrustedDomainLastPassword
or even sambaTrustedDomainPasswordHistory?
Michael
> Hmm, perhaps we add to the schema when we actually have code to change
> trust passwords automatically, and use a fallback...
--
Michael Adam, SerNet Service Network GmbH
phone: +49-551-370000-0, fax: +49-551-370000-9
More information about the samba-technical
mailing list