design for storing trusted domain passwords in ldap

Andrew Bartlett abartlet at samba.org
Sat Jan 20 07:58:27 GMT 2007


On Thu, 2007-01-18 at 23:57 +0100, Michael Adam wrote:
> Hi Andrew,
> 
> On Fri, Jan 19, 2007, Andrew Bartlett wrote:
> > 
> > We should store the previous password, so we can bind to a DC in the
> > remote domain, that is a little slow on the uptake.  (Yes, we also need
> > logic to use the previous password, both in trusted domain and member
> > server code).  
> 
> Do you think of storing the previous password (and maybe more
> of the history) as an additional nt password attribute (or as 
> a sambaPasswordHistory attribute) of the sambaTrustedDomainPassword
> object or rather as an object of its own like sambaTrustedDomainLastPassword 
> or even sambaTrustedDomainPasswordHistory?

The password cannot be stored as an additional value in an existing
attribute, as these are unsorted in LDAP.  We will need a new LDAP
attribute.  

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
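
The design point in the message above, as an added example (not part of the original message and not Samba code): a multi-valued LDAP attribute carries no order, so the previous password gets its own attribute, and the bind logic tries current, then previous. The attribute names and password strings are hypothetical and constructed for illustration.

```python
# Added illustration. Attribute names are hypothetical, not Samba schema.
CUR_ATTR = "exampleTrustPassword"            # hypothetical
PREV_ATTR = "exampleTrustPreviousPassword"   # hypothetical


def new_entry(password):
    """Model an LDAP entry: each attribute maps to an unordered set of values."""
    return {CUR_ATTR: frozenset([password])}


def rotate(entry, new_password):
    """Return the entry as it should look after a password change.

    The old current value moves to its own attribute. Adding it as a second
    value of CUR_ATTR would lose which value is current, because a server may
    return the values of one attribute in any order.
    """
    updated = dict(entry)
    updated[PREV_ATTR] = entry[CUR_ATTR]
    updated[CUR_ATTR] = frozenset([new_password])
    return updated


def candidates(entry):
    """(attribute, password) pairs to try: current first, then previous."""
    ordered = []
    for attr in (CUR_ATTR, PREV_ATTR):
        values = entry.get(attr, frozenset())
        if len(values) > 1:
            # Two values in one attribute cannot be told apart by age.
            raise ValueError(f"{attr} must be single-valued")
        ordered.extend((attr, value) for value in values)
    return ordered


def bind_with_fallback(entry, try_bind):
    """Call try_bind(password) per candidate; return the attribute that worked."""
    for attr, password in candidates(entry):
        if try_bind(password):
            return attr
    return None


if __name__ == "__main__":
    entry = rotate(new_entry("constructed-old"), "constructed-new")
    # A remote DC that has not yet seen the change still accepts the old value.
    print(bind_with_fallback(entry, lambda pw: pw == "constructed-old"))
```

The previous-password attribute holds a secret that a lagging DC still accepts, so it needs the same access controls as the current one.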