On Wed, 2006-03-15 at 16:59 -0600, Jim Moser wrote: > Anyone have any thoughts on this? Is changetrustpw even required? Are > other people using it with success?
No, it's not required (but perhaps a good security idea). Samba 3.0 sets the 'password does not expire' bit when joining, and doesn't change the password, particularly against AD. Samba 3.0 doesn't store the previous password, so in some situations we could break due to changing the password on one, while still talking to a different server. This creates a race, where we correctly detect that something broke the credentials chain, but can't correctly set it up again. (Samba4 doesn't yet use the previous password either, but stores it). Doing the change daily seems overkill to me, and creates a greater chance of the race. I hope that clarifies things a bit better. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
