mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
0af66455ef
Modify default behaviour of 'net ads keytab create'

The change modifies the behaviour of 'net ads keytab create' such that only the keytab file is modified. The current behaviour doesn't make sense, existing SPN(s) pulled from the computer AD object have the format 'serviceclass/host:port/servicename'. 'ads_keytab_create_default' calls ads_keytab_add_entry passing 'serviceclass' for each SPN retrieved from the AD. For each serviceclass passed in a new pair of SPN(s) is generated as follows

i) long form 'param/full_qualified_dns'
ii) short form 'param/netbios_name'

This doesn't make sense as we are creating a new SPN(s) from an existing one probably replacing the existing host with the 'client' machine.

If the keytab file exists then additionally each kerberos principal in the keytab file is parsed to strip out the primary, then 'ads_keytab_add_entry' is called which then tries by default to generate a SPN from any primary that doesn't end in '$'. By default those SPNs are then added to the AD computer account for the client running the command.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

ads_ldap_protos.h
ads_proto.h
ads_status.c
ads_status.h
ads_struct.c
authdata.c
cldap.c
cldap.h
disp_sec.c
kerberos_keytab.c
kerberos_proto.h
kerberos_util.c
kerberos.c
krb5_errs.c
krb5_setpw.c
ldap_printer.c
ldap_schema_oids.h
ldap_schema.c
ldap_schema.h
ldap_user.c
ldap_utils.c
ldap.c
ndr.c
net_ads_setspn.c
sasl_wrapping.c
sasl.c
sitename_cache.c
sitename_cache.h
util.c