Re: password API needed

Luke Kenneth Casson Leighton (lkcl@switchboard.net)
Fri, 8 May 1998 14:00:04 +0000 (GMT)

Date:	Fri, 8 May 1998 14:00:04 +0000 (GMT)
From:	Luke Kenneth Casson Leighton <lkcl@switchboard.net>
To:	Jean-Francois Micouleau <Jean-Francois.Micouleau@utc.fr>
Subject: Re: password API needed
In-Reply-To: <Pine.OSF.3.95.980508135611.4866G-100000@kappa.utc.fr>

On Fri, 8 May 1998, Jean-Francois Micouleau wrote:

> On Fri, 8 May 1998, Luke Kenneth Casson Leighton wrote:
>
> > in your ldap code, you make the distinction between a "machine" account
> > and a "user" account. can you remove this distinction? machine accounts
> > _are_ user accounts, and "machine" accounts is a misleading name: they are
> > actually a subset of trust accounts. therefore, can we refer to them as
> > "trust" accounts from now?
>
> I know you don't want to make a distinction between users and machines.

there is no distinction, as far as NT 3.5 / 4.0 accounts are concerned: we
don't have to like it.

hm. thinks.

thinks some more.

ok, leave it as-is, but rename to "trust" account not "machine" account.
there's no such thing as a "machine" account.

> > the uint16 acct_ctrl member, when the ACB_WKSTRUST bit is set, correctly
> > and uniquely identifies the account as a workstation trust account.
>
> That's faster to look at only users or trust accounts in ldap and that's
> the same for SQL for example.

trust accounts should probably therefore be stored in a separate schema.

> > there just happens to be an additional (redundant but "visual-in-text")
> > method to identify a trust account: it ends with $.
>
> BTW having two distinct object classes is more 'NT5 compliant' in an LDAP
> point of view.

what does NT 5 do with respect to trust accounts?
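
Added example, not part of the original message or of the Samba source: a consistency check between the acct_ctrl trust bits and the redundant trailing "$" discussed above, treating acct_ctrl as authoritative. The bit values are assumptions taken from Samba's later headers (the message names only ACB_WKSTRUST, which those headers spell ACB_WSTRUST); check_account, has_trust_suffix and the sample records are hypothetical, and the rule that account-type bits are mutually exclusive is also an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed bit values; the message itself names only ACB_WKSTRUST. */
#define ACB_NORMAL   0x0010  /* ordinary user account */
#define ACB_DOMTRUST 0x0040  /* inter-domain trust account */
#define ACB_WKSTRUST 0x0080  /* workstation trust account */
#define ACB_SVRTRUST 0x0100  /* server trust account */
#define ACB_TRUST_MASK (ACB_DOMTRUST | ACB_WKSTRUST | ACB_SVRTRUST)

enum acct_check { ACCT_USER, ACCT_TRUST, ACCT_BAD_BITS, ACCT_NAME_MISMATCH };

/* Hypothetical helper: does the account name carry the trailing '$' marker? */
static int has_trust_suffix(const char *name)
{
    size_t n = strlen(name);
    return n > 1 && name[n - 1] == '$';
}

/* acct_ctrl decides the account type; the '$' suffix is only checked for agreement. */
enum acct_check check_account(const char *name, uint16_t acct_ctrl)
{
    uint16_t trust = acct_ctrl & ACB_TRUST_MASK;

    /* More than one trust bit set, or a trust bit combined with ACB_NORMAL. */
    if ((trust & (trust - 1)) != 0 || (trust && (acct_ctrl & ACB_NORMAL)))
        return ACCT_BAD_BITS;
    /* Name and flags disagree: one says trust account, the other says user. */
    if ((trust != 0) != has_trust_suffix(name))
        return ACCT_NAME_MISMATCH;
    return trust ? ACCT_TRUST : ACCT_USER;
}

int main(void)
{
    /* Constructed sample records, not taken from a real account database. */
    static const struct { const char *name; uint16_t ctrl; } sample[] = {
        { "jfm",      ACB_NORMAL },
        { "WKSTN01$", ACB_WKSTRUST },
        { "WKSTN02",  ACB_WKSTRUST },             /* bit set, no '$' */
        { "backup$",  ACB_NORMAL },               /* '$' on a plain user */
        { "ODD$",     ACB_WKSTRUST | ACB_NORMAL } /* conflicting type bits */
    };
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        printf("%-10s 0x%04x -> %d\n", sample[i].name, (unsigned)sample[i].ctrl,
               check_account(sample[i].name, sample[i].ctrl));
    return 0;
}
```

A backend that stores trust accounts in a separate schema or object class can run the same check at insert time, so a record whose name and flags disagree is rejected rather than filed under the wrong class.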