Date: Fri, 8 May 1998 14:03:13 +0200 (MET DST) From: Jean-Francois Micouleau <Jean-Francois.Micouleau@utc.fr> To: Luke Kenneth Casson Leighton <lkcl@switchboard.net> Subject: Re: password API needed In-Reply-To: <Pine.LNX.3.96.980508111814.4378J-100000@regent.push.net>
On Fri, 8 May 1998, Luke Kenneth Casson Leighton wrote:
> in your ldap code, you make the distinction between a "machine" account
> and a "user" account. can you remove this distinction? machine acounts
> _are_ user accounts, and "machine" accounts is a misleading name: they are
> actually a subset of trust accounts. therefore, can we refer to them as
> "trust" accounts from now?
I know you don't want to make a distinction between users and machines. I
still don't like it. You make a distinction between aspirin and laxative
even if they are both medecine and you store them in the same place.
> the uint16 acct_ctrl member, when the ACB_WKSTRUST bit is set, correctly
> and uniquely identifies the account as a workstation trust account.
That's faster to look at only users or trust accounts in ldap and that's
the same for SQL for example.
> there just happens to be an additional (redundant but "visual-in-text")
> method to identify a trust account: it ends with $.
BTW having two distinct object classes is more 'NT5 compliant' in an LDAP
point of view.
-----------------------------------------------------------
Pinky: "What are we going to do tonight, Brain?"
Brain: "The same thing we do every night, Pinky :
try to install Windows NT !"
-----------------------------------------------------------