1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/source4/setup/secrets.ldif
Andrew Bartlett 744dddd75b r21135: Instead of having hooks to update keytabs as an explicit thing, update
them as a hook on ldb modify, via a module.

This should allow the secrets.ldb to be edited by the admin, and to
have things update in the on-disk keytab just as an in-memory keytab
would.

This isn't really a dsdb plugin, but I don't have any other good ideas
about where to put it.

Andrew Bartlett
(This used to be commit 6ce557a1af)
2007-10-10 14:44:31 -05:00

41 lines
1.0 KiB
Plaintext

dn: CN=LSA Secrets
objectClass: top
objectClass: container
cn: LSA Secrets
dn: CN=Primary Domains
objectClass: top
objectClass: container
cn: Primary Domains
dn: flatname=${DOMAIN},CN=Primary Domains
objectClass: top
objectClass: primaryDomain
objectClass: kerberosSecret
flatname: ${DOMAIN}
realm: ${REALM}
secret: ${MACHINEPASS}
secureChannelType: 6
sAMAccountName: ${NETBIOSNAME}$
whenCreated: ${LDAPTIME}
whenChanged: ${LDAPTIME}
msDS-KeyVersionNumber: 1
objectSid: ${DOMAINSID}
privateKeytab: ${SECRETS_KEYTAB}
# A hook from our credentials system into HDB, as we must be on a KDC,
# we can look directly into the database.
dn: samAccountName=krbtgt,flatname=${DOMAIN},CN=Principals
objectClass: top
objectClass: secret
objectClass: kerberosSecret
flatname: ${DOMAIN}
realm: ${REALM}
sAMAccountName: krbtgt
whenCreated: ${LDAPTIME}
whenChanged: ${LDAPTIME}
objectSid: ${DOMAINSID}
servicePrincipalName: kadmin/changepw
krb5Keytab: HDB:ldb:${SAM_LDB}:
#The trailing : here is a HACK, but it matches the Heimdal format.