Closed lejmr closed 3 years ago
Thanks for your interest. We will review this pull request.
Fair enough! Indeed there are some differences between sssd and winbind. The forest trust is probably left stale:
but a design document is created
so maybe later the functionality is going to land to sssd. Until then I get you rather prefer domain trust instead. (Even though, leaving the create computer permissions is also a vulnerability, so your proposed solution is probably quite a good one)
Closing as by design
Description of changes: I am removing the necessity of using a pre-created password for the computer management. Use of the pre-created account is potentially a security weakness.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.