mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/source3/libads
Noel Power 0af66455ef s3:libads: 'net ads keytab create' shouldn't write SPN(s)
Modify default behaviour of 'net ads keytab create'

The change modifies the behaviour of 'net ads keytab create' such
that only the keytab file is modified. The current behaviour doesn't
make sense: existing SPN(s) pulled from the computer AD object have
the format 'serviceclass/host:port/servicename'.
'ads_keytab_create_default' calls ads_keytab_add_entry passing
'serviceclass' for each SPN retrieved from the AD. For each
serviceclass passed in a new pair of SPN(s) is generated as follows
    i) long form 'param/full_qualified_dns'
   ii) short form 'param/netbios_name'

This doesn't make sense as we are creating new SPN(s) from an existing
one, probably replacing the existing host with the 'client' machine.

If the keytab file exists then additionally each Kerberos principal in the
keytab file is parsed to strip out the primary, then 'ads_keytab_add_entry'
is called, which then tries by default to generate an SPN from any primary
that doesn't end in '$'. By default those SPNs are then added to the AD
computer account for the client running the command.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-03-02 14:07:15 +01:00
ads_ldap_protos.h Convert all uses of uint8/16/32 to uint8/16/32_t in the libads code. 2015-04-22 06:22:29 +02:00
ads_proto.h s3:libads: add param to prevent writing spn(s) to ads 2018-03-02 14:07:15 +01:00
ads_status.c Convert all uses of uint8/16/32 to uint8/16/32_t in the libads code. 2015-04-22 06:22:29 +02:00
ads_status.h Convert all uses of uint8/16/32 to uint8/16/32_t in the libads code. 2015-04-22 06:22:29 +02:00
ads_struct.c s3-libads: Use the configured LDAP page size. 2016-01-15 03:59:16 +01:00
authdata.c auth: Add logging of service authorization 2017-03-29 02:37:27 +02:00
cldap.c libads: Check cldap flags in libads/ldap 2017-05-30 08:06:06 +02:00
cldap.h libads: Check cldap flags in libads/ldap 2017-05-30 08:06:06 +02:00
disp_sec.c Convert all uses of uint8/16/32 to uint8/16/32_t in the libads code. 2015-04-22 06:22:29 +02:00
kerberos_keytab.c s3:libads: 'net ads keytab create' shouldn't write SPN(s) 2018-03-02 14:07:15 +01:00
kerberos_proto.h s3:secrets: move kerberos_secrets_*salt related functions to machine_account_secrets.c 2017-06-27 16:57:44 +02:00
kerberos_util.c Avoid overriding default ccache for ads operations. 2012-09-12 21:18:09 +02:00
kerberos.c s3:secrets: move kerberos_secrets_*salt related functions to machine_account_secrets.c 2017-06-27 16:57:44 +02:00
krb5_errs.c kerberos: Map KRB5KDC_ERR_CLIENT_REVOKED to NT_STATUS_ACCOUNT_LOCKED_OUT 2014-04-02 17:12:46 +02:00
krb5_setpw.c s3:libads: Fix changing passwords with Kerberos 2017-08-11 18:21:22 +02:00
ldap_printer.c werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/libads/ldap_printer.c 2016-09-28 00:04:18 +02:00
ldap_schema_oids.h libads: Factor out ldap_schema_oids.h 2016-02-03 15:04:11 +01:00
ldap_schema.c libads: Factor out ldap_schema_oids.h 2016-02-03 15:04:11 +01:00
ldap_schema.h libads: Factor out ldap_schema_oids.h 2016-02-03 15:04:11 +01:00
ldap_user.c
ldap_utils.c s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here. 2018-01-26 02:25:20 +01:00
ldap.c s3:libads: change ads_add_service_principal_name implementation 2018-03-02 14:07:14 +01:00
ndr.c libads: abstract out SASL wrapping code 2017-05-17 23:02:09 +02:00
net_ads_setspn.c s3:utils: add new 'net ads setspn delete' subcommand 2018-03-02 14:07:14 +01:00
sasl_wrapping.c libads: abstract out SASL wrapping code 2017-05-17 23:02:09 +02:00
sasl.c libads: abstract out SASL wrapping code 2017-05-17 23:02:09 +02:00
sitename_cache.c libads: improve debug messages in sitename_fetch() 2016-07-12 21:23:48 +02:00
sitename_cache.h Add a talloc context to sitename_fetch(). 2013-09-05 09:17:27 -07:00
util.c s3:libads: Add a basic Windows SPN parser. 2018-03-02 14:07:14 +01:00