From 73388ce54c5910ee407af6b70e25597d0b696a58 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 28 Aug 2007 04:28:02 +0000
Subject: r24729: First try and publishing a DNS service account, for folks to
 play with.

The keytab in dns.keytab should (I hope) do the job.

Andrew Bartlett
(This used to be commit af4d331eef91ef7699d179d15e7337fff1eff7bb)
---
 source4/setup/secrets.ldif | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'source4/setup/secrets.ldif')

diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif
index ef5cb695d0..8c61c06a54 100644
--- a/source4/setup/secrets.ldif
+++ b/source4/setup/secrets.ldif
@@ -38,3 +38,17 @@ objectSid: ${DOMAINSID}
 servicePrincipalName: kadmin/changepw
 krb5Keytab: HDB:ldb:${SAM_LDB}:
 #The trailing : here is a HACK, but it matches the Heimdal format. 
+
+# A hook from our credentials system into HDB, as we must be on a KDC,
+# we can look directly into the database.
+dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals
+objectClass: top
+objectClass: secret
+objectClass: kerberosSecret
+realm: ${REALM}
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+servicePrincipalName: DNS/${DNSDOMAIN}
+privateKeytab: ${DNS_KEYTAB}
+secret: ${DNSPASS}
+
-- 
cgit