[PATCH] Remove a misleading comment

Volker Lendecke Volker.Lendecke at SerNet.DE
Fri Oct 27 12:06:13 UTC 2017


Review appreciated!

Thanks, Volker

SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 208c368e0a575649442a67859df6427e00aec723 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 27 Oct 2017 14:01:41 +0200
Subject: [PATCH] winbindd: Remove a misleading comment

The reality is a bit more complex than this comment indicates. We should never
suggest anywhere that we can connect to domains that we don't have a direct
trust account to. For the member case, it's "our" domain, and for the DC case,
it's the direct trusts. Everything else is pure luck.

Signed-off-by: Volker Lendecke <vl at samba.org>
 source3/winbindd/winbindd_cache.c | 18 ------------------
 1 file changed, 18 deletions(-)

diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 93501e4073b..faea764cb5d 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -147,24 +147,6 @@ static struct winbind_cache *get_cache(struct winbindd_domain *domain)
 		init_dc_connection(domain, false);
-	/*
-	   OK.  Listen up because I'm only going to say this once.
-	   We have the following scenarios to consider
-	   (a) trusted AD domains on a Samba DC,
-	   (b) trusted AD domains and we are joined to a non-kerberos domain
-	   (c) trusted AD domains and we are joined to a kerberos (AD) domain
-	   For (a) we can always contact the trusted domain using krb5
-	   since we have the domain trust account password
-	   For (b) we can only use RPC since we have no way of
-	   getting a krb5 ticket in our own domain
-	   For (c) we can always use krb5 since we have a kerberos trust
-	   --jerry
-	 */
 #ifdef HAVE_ADS
 	if (domain->backend == NULL) {
 		struct winbindd_domain *our_domain = domain;

More information about the samba-technical mailing list