summaryrefslogtreecommitdiff
path: root/source4/setup
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2006-01-24 05:31:08 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:51:26 -0500
commit28d78c40ade22c4b5d445dbe23f18ca210e41f8c (patch)
treed3cd9bdaca50e4cd7af031f1b2550836b9190417 /source4/setup
parentfc29c3250af5fbcd81725e38fb48ca1ec5ae23bf (diff)
downloadsamba-28d78c40ade22c4b5d445dbe23f18ca210e41f8c.tar.gz
samba-28d78c40ade22c4b5d445dbe23f18ca210e41f8c.tar.bz2
samba-28d78c40ade22c4b5d445dbe23f18ca210e41f8c.zip
r13107: Follow the lead of Heimdal's kpasswdd and use the HDB (hdb-ldb in our
case) as the keytab. This avoids issues in replicated setups, as we will replicate the kpasswd key correctly (including from windows, which is why I care at the moment). Andrew Bartlett (This used to be commit 849500d1aa658817052423051b1f5d0b7a1db8e0)
Diffstat (limited to 'source4/setup')
-rw-r--r--source4/setup/secrets.ldif8
1 files changed, 4 insertions, 4 deletions
diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif
index 43c3f69c9d..8c3c6917ae 100644
--- a/source4/setup/secrets.ldif
+++ b/source4/setup/secrets.ldif
@@ -38,18 +38,18 @@ msDS-KeyVersionNumber: 1
objectSid: ${DOMAINSID}
privateKeytab: secrets.keytab
+# A hook from our credentials system into HDB, as we must be on a KDC,
+# we can look directly into the database.
dn: samAccountName=krbtgt,flatname=${DOMAIN},CN=Principals
objectClass: top
objectClass: secret
objectClass: kerberosSecret
flatname: ${DOMAIN}
realm: ${REALM}
-secret: ${KRBTGTPASS}
sAMAccountName: krbtgt
whenCreated: ${LDAPTIME}
whenChanged: ${LDAPTIME}
-msDS-KeyVersionNumber: 1
objectSid: ${DOMAINSID}
servicePrincipalName: kadmin/changepw
-saltPrincipal: krbtgt@${REALM}
-privateKeytab: secrets.keytab
+krb5Keytab: HDB:ldb:sam.ldb:/dev/null
+#The /dev/null here is a HACK, but it matches the Heimdal format.