From 48026d814b665e2a766cbe8b82d9c6b22590a16d Mon Sep 17 00:00:00 2001
From: Michael Adam
Date: Mon, 26 May 2008 12:22:53 +0200
Subject: passdb: add comment explaining logic in get_trust_pw_clear().
Michael
(This used to be commit 5f197c659e9c8a573ba5032c7f90c816df45770c)
---
 source3/passdb/passdb.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
(limited to 'source3/passdb')
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 874355da67..d69da8f32e 100644
--- source3/passdb/passdb.c
+++ source3/passdb/passdb.c
@@ -1568,8 +1568,22 @@ bool get_trust_pw_clear(const char *domain, char **ret_pwd,
 return true;
 }
- /* Here we are a domain member server. We can only be a member
- of one domain so ignore the request domain and assume our own */
+ /*
+ * Since we can only be member of one single domain, we are now
+ * in a member situation:
+ *
+ * - Either we are a DC (selfjoined) and the domain is our
+ * own domain.
+ * - Or we are on a member and the domain is our own or some
+ * other (potentially trusted) domain.
+ *
+ * In both cases, we can only get the machine account password
+ * for our own domain to connect to our own dc. (For a member,
+ * request to trusted domains are performed through our dc.)
+ *
+ * So we simply use our own domain name to retrieve the
+ * machine account passowrd and ignore the request domain here.
+ */
 pwd = secrets_fetch_machine_password(lp_workgroup(), &last_set_time, channel);
-- cgit
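Review bot: The new comment in get_trust_pw_clear() has a typo, `passowrd`, and "request to trusted domains are performed" should read "requests to trusted domains are performed". The comment explains why the `domain` argument is ignored on this path, but it sits inside the body, so a caller reading only the function header will not learn that the secret returned through `ret_pwd` is always the machine account password fetched for `lp_workgroup()`. I would also state that in the header comment, for example `/* On a member or self-joined DC the returned password is for our own domain, regardless of 'domain'. */`, so callers do not treat it as a credential for the requested domain. The function starts and ends outside the hunk, so whether the header already says this cannot be checked here.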