Storing the old machine account password when the machine account password changes
Stefan (metze) Metzmacher
metze at samba.org
Mon May 13 00:14:25 MDT 2013
Hi Richard,
> I have seen two vendors now who are storing the old machine account
> password when the machine account password changes.
What do you mean here? That's what winbindd does in the current releases,
see https://bugzilla.samba.org/show_bug.cgi?id=7099.
> This seems to be to handle the following situation:
>
> Lots of clients have tickets cached that were generated when the old
> machine account password was valid but when they present them,
> authentication fails. They try both passwords and allow authentication
> to succeed if either password is successful.
I think that's the correct behavior, as you can't be sure that all domain
controllers have the new password already.
metze
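
The fallback discussed in this message, sketched as an added example that is not part of the original post and is not Samba or winbindd code: a service keeps the key from its previous machine password and accepts a ticket if either key verifies. PBKDF2 and an HMAC tag stand in for the Kerberos string-to-key and ticket encryption steps, and `MachineSecrets`, the salt and the passwords are hypothetical, constructed values.

```python
import hashlib
import hmac

def derive_key(password: str, salt: str) -> bytes:
    # Stand-in for the Kerberos string-to-key step (assumption, not the real algorithm).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 1000)

def seal(key: bytes, payload: bytes) -> bytes:
    # Constructed "ticket": payload followed by a 32-byte HMAC-SHA256 tag.
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

class MachineSecrets:
    """Hypothetical store holding the current and one previous machine key."""

    def __init__(self, salt: str, password: str):
        self.salt = salt
        self.current = derive_key(password, salt)
        self.previous = None

    def change_password(self, new_password: str) -> None:
        # Keep exactly one old key; anything older is dropped.
        self.previous = self.current
        self.current = derive_key(new_password, self.salt)

    def accept(self, ticket: bytes):
        """Return (payload, key_name), or (None, None) if neither key verifies."""
        if len(ticket) < 32:
            return None, None
        payload, tag = ticket[:-32], ticket[-32:]
        for name, key in (("current", self.current), ("previous", self.previous)):
            if key is None:
                continue
            expected = hmac.new(key, payload, hashlib.sha256).digest()
            if hmac.compare_digest(expected, tag):  # constant-time comparison
                return payload, name
        return None, None

def demo():
    salt = "EXAMPLE.COMhostfileserver.example.com"  # constructed value
    store = MachineSecrets(salt, "old-secret")
    old_ticket = seal(derive_key("old-secret", salt), b"user=alice")
    store.change_password("new-secret")
    new_ticket = seal(derive_key("new-secret", salt), b"user=bob")
    unknown = seal(derive_key("guess", salt), b"user=mallory")
    results = [store.accept(t)[1] for t in (old_ticket, new_ticket, unknown)]
    store.change_password("newer-secret")  # second change drops the oldest key
    results.append(store.accept(old_ticket)[1])
    return results

if __name__ == "__main__":
    print(demo())
```

Recording which key matched shows how long tickets issued under the old password keep arriving after a change.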