author Andrew Bartlett <abartlet@samba.org> 2009-07-27 16:09:25 +1000
committer Andrew Bartlett <abartlet@samba.org> 2009-07-27 22:41:42 +1000
commit 56f4516399431cc508ca0c3e0dd7f179cc7ab62c (patch)
tree 917157ee7f661927edd5535a5ed939d8bfe6a928 /source4/setup/secrets_dc.ldif
parent b50ab318c1c66aaffd68c01b19140d0221c3e9c1 (diff)
s4:kdc Push context to hdb_samba4 by way of the 'name' of the DB

This overloads the 'name' part of the keytab name to supply a context pointer, and so avoids 3 global variables! To do this, we had to stop putting the entry for kpasswd into the secrets.ldb. (I don't consider this a big loss, and any entry left there by an upgrade will be harmless).

Andrew Bartlett
Diffstat (limited to 'source4/setup/secrets_dc.ldif')
-rw-r--r-- source4/setup/secrets_dc.ldif 17
1 files changed, 1 insertions, 16 deletions
diff --git a/source4/setup/secrets_dc.ldif b/source4/setup/secrets_dc.ldif
index 8ae5578e6b..b8251eece5 100644
--- a/source4/setup/secrets_dc.ldif
+++ b/source4/setup/secrets_dc.ldif
@@ -11,22 +11,7 @@ msDS-KeyVersionNumber: 1
objectSid: ${DOMAINSID}
privateKeytab: ${SECRETS_KEYTAB}
-# A hook from our credentials system into HDB, as we must be on a KDC,
-# we can look directly into the database.
-dn: samAccountName=krbtgt,flatname=${DOMAIN},CN=Principals
-objectClass: top
-objectClass: secret
-objectClass: kerberosSecret
-flatname: ${DOMAIN}
-realm: ${REALM}
-sAMAccountName: krbtgt
-objectSid: ${DOMAINSID}
-servicePrincipalName: kadmin/changepw
-krb5Keytab: HDB:samba4:${SAM_LDB}:
-#The trailing : here is a HACK, but it matches the Heimdal format.
-
-# A hook from our credentials system into HDB, as we must be on a KDC,
-# we can look directly into the database.
+#Update a keytab for the external DNS server to use
dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals
objectClass: top
objectClass: secret
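
Review bot: Removing the samAccountName=krbtgt record (the one carrying "servicePrincipalName: kadmin/changepw" and "krb5Keytab: HDB:samba4:${SAM_LDB}:") only changes this setup template, so a secrets.ldb written before this commit keeps that record, and nothing in this file's diff shows why a leftover entry is harmless as the commit message says. Since the diffstat is limited to this one file, it would help to name in the commit message or an upgrade note which lookup used to resolve kadmin/changepw through this record and to confirm nothing does after the change, or else to delete the stale record on upgrade. A smaller style point on the added line: "#Update a keytab for the external DNS server to use" drops the space after "#" that the removed comments used ("# A hook from our credentials system ..."); "# Update a keytab ..." would keep the file consistent.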