From 04bc200e95c3473238a541460a714b13f67375b8 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 19 May 2014 11:08:00 +1200
Subject: [PATCH] winbindd: explain that this check protects the AD DC machine
 account password (for now at least)

Change-Id: I2e2eb2e7fc4a12f27025f42e4cc41560311ce6c8
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
 source3/winbindd/winbindd_change_machine_acct.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/source3/winbindd/winbindd_change_machine_acct.c b/source3/winbindd/winbindd_change_machine_acct.c
index a5514e22ebc..f335e345e54 100644
--- a/source3/winbindd/winbindd_change_machine_acct.c
+++ b/source3/winbindd/winbindd_change_machine_acct.c
@@ -52,6 +52,10 @@ struct tevent_req *winbindd_change_machine_acct_send(TALLOC_CTX *mem_ctx,
 		/*
 		 * Internal domains are passdb based, we can always
 		 * contact them.
+		 *
+		 * This also protects us from changing the password on
+		 * the AD DC without updating all the right databases.
+		 * Do not remove this until that code is fixed.
 		 */
 		tevent_req_done(req);
 		return tevent_req_post(req, ev);
-- 
2.11.4.GIT