diff options
author | Andrew Bartlett <abartlet@samba.org> | 2009-07-27 16:09:25 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2009-07-27 22:41:42 +1000 |
commit | 56f4516399431cc508ca0c3e0dd7f179cc7ab62c (patch) | |
tree | 917157ee7f661927edd5535a5ed939d8bfe6a928 /source4/setup/secrets_dc.ldif | |
parent | b50ab318c1c66aaffd68c01b19140d0221c3e9c1 (diff) | |
download | samba-56f4516399431cc508ca0c3e0dd7f179cc7ab62c.tar.gz samba-56f4516399431cc508ca0c3e0dd7f179cc7ab62c.tar.bz2 samba-56f4516399431cc508ca0c3e0dd7f179cc7ab62c.zip |
s4:kdc Push context to hdb_samba4 by way of the 'name' of the DB
This overloads the 'name' part of the keytab name to supply a context
pointer, and so avoids 3 global variables!
To do this, we had to stop putting the entry for kpasswd into the
secrets.ldb. (I don't consider this a big loss, and any entry left
there by an upgrade will be harmless).
Andrew Bartlett
Diffstat (limited to 'source4/setup/secrets_dc.ldif')
-rw-r--r-- | source4/setup/secrets_dc.ldif | 17 |
1 files changed, 1 insertions, 16 deletions
diff --git a/source4/setup/secrets_dc.ldif b/source4/setup/secrets_dc.ldif index 8ae5578e6b..b8251eece5 100644 --- a/source4/setup/secrets_dc.ldif +++ b/source4/setup/secrets_dc.ldif @@ -11,22 +11,7 @@ msDS-KeyVersionNumber: 1 objectSid: ${DOMAINSID} privateKeytab: ${SECRETS_KEYTAB} -# A hook from our credentials system into HDB, as we must be on a KDC, -# we can look directly into the database. -dn: samAccountName=krbtgt,flatname=${DOMAIN},CN=Principals -objectClass: top -objectClass: secret -objectClass: kerberosSecret -flatname: ${DOMAIN} -realm: ${REALM} -sAMAccountName: krbtgt -objectSid: ${DOMAINSID} -servicePrincipalName: kadmin/changepw -krb5Keytab: HDB:samba4:${SAM_LDB}: -#The trailing : here is a HACK, but it matches the Heimdal format. - -# A hook from our credentials system into HDB, as we must be on a KDC, -# we can look directly into the database. +#Update a keytab for the external DNS server to use dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals objectClass: top objectClass: secret |