aws / amazon-ssm-agent

An agent to enable remote management of your EC2 instances, on-premises servers, or virtual machines (VMs).
https://aws.amazon.com/systems-manager/
Apache License 2.0
1.05k stars, 323 forks

Removal of secret manager in favour of one-time passwords #324

Closed lejmr closed 3 years ago

lejmr commented 3 years ago

Description of changes: I am removing the necessity of using a pre-created password for computer management. Use of the pre-created account is potentially a security weakness.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

VishnuKarthikRavindran commented 3 years ago

Thanks for your interest. We will review this pull request.

lejmr commented 3 years ago

Fair enough! Indeed there are some differences between sssd and winbind. The forest trust is probably left stale:

but a design document is created

so maybe later the functionality is going to land in sssd. Until then, I get that you rather prefer domain trust instead. (Even though leaving the create computer permissions is also a vulnerability, so your proposed solution is probably quite a good one.)

Thor-Bjorgvinsson commented 3 years ago

Closing as by design