This allows to control cleaning the keytab.
It will only clean old occurrences of keys that are replicated in
this run. So if you want to ensure things are cleaned up, combine
this switch with --force-full-repl or --single-obj-repl (+dn list).
Michael
(This used to be commit 21385e1c63)
Initialize it to false.
And pass it down to the libnet_keytab context in
libnet_dssync_keytab.c:keytab_startup().
Unused yet.
Michael
Note: This might not be a 100% clean design to put this into the
toplevel dssync context while it is keytab specific. But then, on the
other hand, other imaginable backends might want to use this flag, too...
(This used to be commit 12e884f227)
to allow for removing all entries with given principal and enctype without
respecting the kvno (i.e. cleaning "old" entries...)
This is called with ignore_kvno == false from libnet_keytab_add_entry() to
keep the original behaviour.
Michael
(This used to be commit 6047f7b685)
This controls whether single object replication is to be used.
This only has an effect when at least one object dn is given
on the commandline.
NOTE: Now the default is to use normal replication with uptodateness
vectors and use object dns given on the command line as a positive
write filter. Single object replication is only performed when this
new switch is specified.
Michael
(This used to be commit 0f81111ea8)
I.e. only the passwords and keys of those objects whose dns are provided
are written to the keytab file. Others are skipped.
Michael
(This used to be commit a013f926ae)
Just specify several DNs separated by spaces on the command line of
"net rpc vampire keytab" to get the passwords for each of these
accounts via single object replication.
Michael
(This used to be commit 6e53dc2db8)
Untangle parsing of results and processing.
Make loop logic more obvious.
Call finishing operation after the loop, not inside.
Michael
(This used to be commit 47c8b3391c)
When retrieving a diff replication, the sAMAccountName attribute is usually
not replicated. So in order to build the principal, we need to store the
sAMAccountName in the keytab, referenced by the DN of the object, so that
it can be retrieved if necessary.
It is stored in the form of SAMACCOUNTNAME/object_dn@dns_domain_name
with kvno=0 and ENCTYPE_NONE.
Michael
(This used to be commit 54e2dc1f4e)
This makes libnet_keytab_remove_entries static and moves it up.
libnet_keytab_add_entry() now removes the duplicates in advance.
No special handling needed for the UTDV - this is also needed
for other entries...
Michael
(This used to be commit 3c46374544)
This is a stripped down version of smb_krb5_kt_add_entry() that
takes one explicit enctype instead of an array. And it does
neither salting of keys nor cleanup of old entries.
Michael
(This used to be commit c83e54f1eb)
Not really used yet.
Note: callers use ENCTYPE_ARCFOUR_HMAC enctype for UTDV (for now).
This is what is currently stored. This is to be changed
to ENCTYPE_NULL.
Michael
(This used to be commit cb91d07413)
Still unused by the libnet_keytab_add() function.
This will follow.
In preparation of supporting multiple encryption types in libnet_dssync_keytab.
Michael
(This used to be commit 447b8b1122)
This is triggered by setting the new "single" flag in the dssync_context
and filling the "object_dn" member with the dn of the object to be
fetched.
This call is accomplished by specifying the DRSUAPI_EXOP_REPL_OBJ
extended operation in the DsGetNCChanges request. This variant does
honor an up-to-date-ness vector passed in, but the answer does not
return a new up-to-dateness vector.
Call this operation as "net rpc vampire keytab /path/keytab object_dn".
Michael
(This used to be commit f4a01178a3)
Also store the new uptodateness vector in the backend after completion
and retrieve the old vector before sending the DsGetNCChanges request.
This effectively accomplishes differential replication.
Michael
(This used to be commit a2a88808df)
This extracts the info24 data in case this is what was returned (instead of info28).
E.g. Windows 2000 returns info24.
Michael
(This used to be commit 61b41aa615)
The startup operation should get the old up-to-date-ness vector from the backend
and the finish operation should store the new vector to the backend after replication.
This adds the change of the signatures of the operations to the dssync_ops struct
and the implementation for the keytab ops. The up-to-date-ness vector is stored
under the principal constructed as UTDV/$naming_context_dn@$dns_domain_name.
The vector is still uninterpreted in libnet_dssync_process().
This will be the next step...
This code is essentially by Metze.
Michael
(This used to be commit 01318fb27a)