[PATCH] s3-winbindd: Store schannel credentials in secrets.tdb
abartlet at samba.org
Wed Sep 26 01:12:41 MDT 2012
On Tue, 2012-09-25 at 23:30 -0700, Christian Ambach wrote:
> On 09/25/2012 10:25 PM, Stefan (metze) Metzmacher wrote:
> > we also need to mutex the netlogon_creds_CredentialState->sequence etc.
> > And on the client we typically need to mutex arround network/ipc operations,
> > which should not be mutexed by a tdb lock.
> In which cases (e.g. against which DC versions) is that mechanism used?
> When certain RPC calls or validationlevels are not available? I am not
> very deep into the schannel / authentication pieces, so I (and maybe
> others) could use some coaching here.
While the most common operation (SamLogonEx) does not use the sequence
stuff, and most recent DCs support that, there are other netlogon calls
that use the sequence number stuff.
I'm sorry I don't have details to hand, but I agree with metze that we
need to do this properly.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical