summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorMichael Adam <obnox@samba.org>2008-05-26 12:22:53 +0200
committerMichael Adam <obnox@samba.org>2008-05-26 16:42:24 +0200
commit48026d814b665e2a766cbe8b82d9c6b22590a16d (patch)
tree691c15b2d5bcce06d4ffbd5b556507457eefa796 /source3
parenta186e598c43cb3a9a3ff7f4626407074cc938e96 (diff)
downloadsamba-48026d814b665e2a766cbe8b82d9c6b22590a16d.tar.gz
samba-48026d814b665e2a766cbe8b82d9c6b22590a16d.tar.bz2
samba-48026d814b665e2a766cbe8b82d9c6b22590a16d.zip
passdb: add comment explaining logic in get_trust_pw_clear().
Michael (This used to be commit 5f197c659e9c8a573ba5032c7f90c816df45770c)
Diffstat (limited to 'source3')
-rw-r--r--source3/passdb/passdb.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 874355da67..d69da8f32e 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -1568,8 +1568,22 @@ bool get_trust_pw_clear(const char *domain, char **ret_pwd,
return true;
}
- /* Here we are a domain member server. We can only be a member
- of one domain so ignore the request domain and assume our own */
+ /*
+ * Since we can only be member of one single domain, we are now
+ * in a member situation:
+ *
+ * - Either we are a DC (selfjoined) and the domain is our
+ * own domain.
+ * - Or we are on a member and the domain is our own or some
+ * other (potentially trusted) domain.
+ *
+ * In both cases, we can only get the machine account password
+ * for our own domain to connect to our own dc. (For a member,
+ * request to trusted domains are performed through our dc.)
+ *
+ * So we simply use our own domain name to retrieve the
+ * machine account passowrd and ignore the request domain here.
+ */
pwd = secrets_fetch_machine_password(lp_workgroup(), &last_set_time, channel);