From c82c9fe7bb47aa95d112159e46e79f52afe6f58d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 30 Dec 2005 08:40:16 +0000 Subject: r12599: This new LDB module (and associated changes) allows Samba4 to operate using pre-calculated passwords for all kerberos key types. (Previously we could only use these for the NT# type). The module handles all of the hash/string2key tasks for all parts of Samba, which was previously in the rpc_server/samr/samr_password.c code. We also update the msDS-KeyVersionNumber, and the password history. This new module can be called at provision time, which ensures we start with a database that is consistent in this respect. By ensuring that the krb5key attribute is the only one we need to retrieve, this also simplifies the run-time KDC logic. (Each value of the multi-valued attribute is encoded as a 'Key' in ASN.1, using the definition from Heimdal's HDB. This simplfies the KDC code.). It is hoped that this will speed up the KDC enough that it can again operate under valgrind. (This used to be commit e9022743210b59f19f370d772e532e0f08bfebd9) --- source4/setup/provision_init.ldif | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/setup/provision_init.ldif') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index b341808e0e..e4c2476992 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -22,6 +22,7 @@ dn: CASE_INSENSITIVE sAMAccountName: CASE_INSENSITIVE objectClass: CASE_INSENSITIVE unicodePwd: HIDDEN +krb5Key: HIDDEN ntPwdHash: HIDDEN ntPwdHistory: HIDDEN lmPwdHash: HIDDEN @@ -69,5 +70,5 @@ isSynchronized: TRUE #Add modules to the list to activate them by default #beware often order is important dn: @MODULES -@LIST: rootdse,samldb,operational,objectguid,rdn_name +@LIST: rootdse,samldb,password_hash,operational,objectguid,rdn_name -- cgit