mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
provision: explain why this is required
Change-Id: Iaf8b13010b52e03db2eefe1ad565d7ca768ffb48 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
parent
d0a0af3550
commit
f80780925f
@ -801,6 +801,14 @@ def create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid):
|
||||
logger.error(
|
||||
"Failed to setup database for BIND, AD based DNS cannot be used")
|
||||
raise
|
||||
|
||||
# This line is critical to the security of the whole scheme.
|
||||
# We assume there is no secret data in the (to be left out of
|
||||
# date and essentially read-only) config, schema and metadata partitions.
|
||||
#
|
||||
# Only the stub of the domain partition is created above.
|
||||
#
|
||||
# That way, things like the krbtgt key do not leak.
|
||||
del partfile[domaindn]
|
||||
|
||||
# Link dns partitions and metadata
|
||||
|
Loading…
Reference in New Issue
Block a user