From 73388ce54c5910ee407af6b70e25597d0b696a58 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 28 Aug 2007 04:28:02 +0000 Subject: r24729: First try and publishing a DNS service account, for folks to play with. The keytab in dns.keytab should (I hope) do the job. Andrew Bartlett (This used to be commit af4d331eef91ef7699d179d15e7337fff1eff7bb) --- source4/setup/secrets.ldif | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'source4/setup/secrets.ldif') diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif index ef5cb695d0..8c61c06a54 100644 --- a/source4/setup/secrets.ldif +++ b/source4/setup/secrets.ldif @@ -38,3 +38,17 @@ objectSid: ${DOMAINSID} servicePrincipalName: kadmin/changepw krb5Keytab: HDB:ldb:${SAM_LDB}: #The trailing : here is a HACK, but it matches the Heimdal format. + +# A hook from our credentials system into HDB, as we must be on a KDC, +# we can look directly into the database. +dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals +objectClass: top +objectClass: secret +objectClass: kerberosSecret +realm: ${REALM} +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +servicePrincipalName: DNS/${DNSDOMAIN} +privateKeytab: ${DNS_KEYTAB} +secret: ${DNSPASS} + -- cgit