diff options
author | Andrew Bartlett <abartlet@samba.org> | 2006-01-24 05:31:08 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:51:26 -0500 |
commit | 28d78c40ade22c4b5d445dbe23f18ca210e41f8c (patch) | |
tree | d3cd9bdaca50e4cd7af031f1b2550836b9190417 /source4/setup | |
parent | fc29c3250af5fbcd81725e38fb48ca1ec5ae23bf (diff) | |
download | samba-28d78c40ade22c4b5d445dbe23f18ca210e41f8c.tar.gz samba-28d78c40ade22c4b5d445dbe23f18ca210e41f8c.tar.bz2 samba-28d78c40ade22c4b5d445dbe23f18ca210e41f8c.zip |
r13107: Follow the lead of Heimdal's kpasswdd and use the HDB (hdb-ldb in our
case) as the keytab.
This avoids issues in replicated setups, as we will replicate the
kpasswd key correctly (including from windows, which is why I care at
the moment).
Andrew Bartlett
(This used to be commit 849500d1aa658817052423051b1f5d0b7a1db8e0)
Diffstat (limited to 'source4/setup')
-rw-r--r-- | source4/setup/secrets.ldif | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif index 43c3f69c9d..8c3c6917ae 100644 --- a/source4/setup/secrets.ldif +++ b/source4/setup/secrets.ldif @@ -38,18 +38,18 @@ msDS-KeyVersionNumber: 1 objectSid: ${DOMAINSID} privateKeytab: secrets.keytab +# A hook from our credentials system into HDB, as we must be on a KDC, +# we can look directly into the database. dn: samAccountName=krbtgt,flatname=${DOMAIN},CN=Principals objectClass: top objectClass: secret objectClass: kerberosSecret flatname: ${DOMAIN} realm: ${REALM} -secret: ${KRBTGTPASS} sAMAccountName: krbtgt whenCreated: ${LDAPTIME} whenChanged: ${LDAPTIME} -msDS-KeyVersionNumber: 1 objectSid: ${DOMAINSID} servicePrincipalName: kadmin/changepw -saltPrincipal: krbtgt@${REALM} -privateKeytab: secrets.keytab +krb5Keytab: HDB:ldb:sam.ldb:/dev/null +#The /dev/null here is a HACK, but it matches the Heimdal format. |