Storing the old machine account password when the machine account password changes

Richard Sharpe realrichardsharpe at gmail.com
Mon May 13 00:36:50 MDT 2013


On Sun, May 12, 2013 at 11:14 PM, Stefan (metze) Metzmacher
<metze at samba.org> wrote:
> Hi Richard,
>
>> I have seen two vendors now who are storing the old machine account
>> password when the machine account password changes.
>
> What do you mean here, that's what winbindd does in the current releases,
> see https://bugzilla.samba.org/show_bug.cgi?id=7099.
>
>> This seems to be to handle the following situation:
>>
>> Lots of clients have tickets cached that were generated when the old
>> machine account password was valid but when they present them,
>> authentication fails. They try both passwords and allow authentication
>> to succeed if either password is successful.
>
> I think that's the correct behavior as you can't be sure that all domain
> controllers have the new password already.

Ahhh, OK. This is another example of QNAP sticking with 3.5.2 and
backporting changes. Something similar is also in another vendor's code
base as well, but they started with 3.4.5.

-- 
Regards,
Richard Sharpe
(What can relieve sorrow? Only Du Kang. --Cao Cao)
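
Added example (not part of the original thread and not Samba's or any vendor's code): a minimal model of the behaviour discussed above, where a member server keeps one previous machine account key so that tickets sealed under the old password, whether cached by clients or issued by a domain controller that has not yet received the change, still verify. The `MachineSecrets` class, the principal name and the passwords are constructed for illustration, and PBKDF2 plus an HMAC tag stand in for Kerberos string-to-key and ticket encryption.

```python
import hashlib
import hmac

def derive_key(password: str, principal: str) -> bytes:
    # Stand-in for Kerberos string-to-key (assumption: PBKDF2 salted with the principal).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 1000)

def issue_ticket(key: bytes, client: str) -> bytes:
    # Stand-in for a KDC sealing a service ticket under the machine account key.
    body = client.encode()
    return hmac.new(key, body, hashlib.sha256).digest() + body

class MachineSecrets:
    """Hypothetical secrets store: the current key plus exactly one previous key."""

    def __init__(self, principal: str, password: str):
        self.principal = principal
        self.current = derive_key(password, principal)
        self.previous = None

    def change_password(self, new_password: str) -> None:
        # Retain only the immediately preceding key; anything older is dropped,
        # which bounds how long an old password stays usable.
        self.previous = self.current
        self.current = derive_key(new_password, self.principal)

    def accept(self, ticket: bytes):
        """Return (client, key_label) if either key verifies the ticket, else None."""
        tag, body = ticket[:32], ticket[32:]
        for label, key in (("current", self.current), ("previous", self.previous)):
            if key is None:
                continue
            expected = hmac.new(key, body, hashlib.sha256).digest()
            if hmac.compare_digest(tag, expected):
                return body.decode(), label
        return None

def demo():
    principal = "FILESRV$@EXAMPLE.COM"  # constructed sample principal
    secrets = MachineSecrets(principal, "pw-1")
    cached = issue_ticket(derive_key("pw-1", principal), "alice")   # issued before the change
    secrets.change_password("pw-2")
    lagging = issue_ticket(derive_key("pw-1", principal), "bob")    # DC without the new password
    fresh = issue_ticket(derive_key("pw-2", principal), "carol")
    results = [secrets.accept(t) for t in (cached, lagging, fresh)]
    secrets.change_password("pw-3")                                 # second rotation drops pw-1
    results.append(secrets.accept(cached))
    return results
```

Returning which key verified the ticket lets the caller log acceptances under the previous key, which shows how long old tickets remain in circulation after a change.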

