From 28d78c40ade22c4b5d445dbe23f18ca210e41f8c Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 24 Jan 2006 05:31:08 +0000
Subject: r13107: Follow the lead of Heimdal's kpasswdd and use the HDB
 (hdb-ldb in our case) as the keytab.

This avoids issues in replicated setups, as we will replicate the
kpasswd key correctly (including from windows, which is why I care at
the moment).

Andrew Bartlett
(This used to be commit 849500d1aa658817052423051b1f5d0b7a1db8e0)
---
 source4/setup/secrets.ldif | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'source4/setup')

diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif
index 43c3f69c9d..8c3c6917ae 100644
--- a/source4/setup/secrets.ldif
+++ b/source4/setup/secrets.ldif
@@ -38,18 +38,18 @@ msDS-KeyVersionNumber: 1
 objectSid: ${DOMAINSID}
 privateKeytab: secrets.keytab
 
+# A hook from our credentials system into HDB, as we must be on a KDC,
+# we can look directly into the database.
 dn: samAccountName=krbtgt,flatname=${DOMAIN},CN=Principals
 objectClass: top
 objectClass: secret
 objectClass: kerberosSecret
 flatname: ${DOMAIN}
 realm: ${REALM}
-secret: ${KRBTGTPASS}
 sAMAccountName: krbtgt
 whenCreated: ${LDAPTIME}
 whenChanged: ${LDAPTIME}
-msDS-KeyVersionNumber: 1
 objectSid: ${DOMAINSID}
 servicePrincipalName: kadmin/changepw
-saltPrincipal: krbtgt@${REALM}
-privateKeytab: secrets.keytab
+krb5Keytab: HDB:ldb:sam.ldb:/dev/null
+#The /dev/null here is a HACK, but it matches the Heimdal format. 
-- 
cgit