mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
744dddd75b
them as a hook on ldb modify, via a module.
This should allow the secrets.ldb to be edited by the admin, and to
have things update in the on-disk keytab just as an in-memory keytab
would.
This isn't really a dsdb plugin, but I don't have any other good ideas
about where to put it.
Andrew Bartlett
(This used to be commit 6ce557a1af
)
# Template entries for the secrets database (the commit message names it
# secrets.ldb). Dollar-brace placeholders are presumably substituted before
# the file is loaded; confirm against the provisioning code.
# Container for LSA secrets.
dn: CN=LSA Secrets
objectClass: top
objectClass: container
cn: LSA Secrets

# Container holding one record per primary domain.
dn: CN=Primary Domains
objectClass: top
objectClass: container
cn: Primary Domains

# Machine account record for the primary domain.
# NOTE(review): "secret" stores the machine account password as a plain
# attribute value. The database this is loaded into, and the file named by
# privateKeytab, should be readable only by the account the server runs as,
# and should be treated as key material in backups.
# NOTE(review): per the commit message, a module hooks ldb modify so that
# edits to this record update the on-disk keytab. Write access to the
# database is therefore write access to the keys; confirm who holds it.
# secureChannelType 6 is the netlogon BDC channel type (SEC_CHAN_BDC).
# msDS-KeyVersionNumber starts at 1; presumably it must track the key version
# held by the directory after a password change (verify in the rotation code).
dn: flatname=${DOMAIN},CN=Primary Domains
objectClass: top
objectClass: primaryDomain
objectClass: kerberosSecret
flatname: ${DOMAIN}
realm: ${REALM}
secret: ${MACHINEPASS}
secureChannelType: 6
sAMAccountName: ${NETBIOSNAME}$
whenCreated: ${LDAPTIME}
whenChanged: ${LDAPTIME}
msDS-KeyVersionNumber: 1
objectSid: ${DOMAINSID}
privateKeytab: ${SECRETS_KEYTAB}

# Hook from the credentials system into HDB: this record is for a KDC, so the
# keys are looked up directly in the database instead of being stored here.
# NOTE(review): krb5Keytab points at the SAM database through an HDB keytab,
# so that database presumably holds the krbtgt keys; confirm its permissions
# are as strict as those on the secrets database.
# NOTE(review): this DN sits under CN=Principals, which no entry visible in
# this file creates, while the machine record is under CN=Primary Domains.
# Confirm that is intended.
# NOTE(review): objectSid is filled from the same placeholder as the machine
# record; confirm that value is the intended one for krbtgt.
dn: samAccountName=krbtgt,flatname=${DOMAIN},CN=Principals
objectClass: top
objectClass: secret
objectClass: kerberosSecret
flatname: ${DOMAIN}
realm: ${REALM}
sAMAccountName: krbtgt
whenCreated: ${LDAPTIME}
whenChanged: ${LDAPTIME}
objectSid: ${DOMAINSID}
servicePrincipalName: kadmin/changepw
krb5Keytab: HDB:ldb:${SAM_LDB}:
# The trailing ':' above is a hack, but it matches the Heimdal keytab format.