mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
c82c9fe7bb
using pre-calculated passwords for all kerberos key types.
(Previously we could only use these for the NT# type).
The module handles all of the hash/string2key tasks for all parts of
Samba, which was previously in the rpc_server/samr/samr_password.c
code. We also update the msDS-KeyVersionNumber, and the password
history. This new module can be called at provision time, which
ensures we start with a database that is consistent in this respect.
By ensuring that the krb5key attribute is the only one we need to
retrieve, this also simplifies the run-time KDC logic. (Each value of
the multi-valued attribute is encoded as a 'Key' in ASN.1, using the
definition from Heimdal's HDB. This simplfies the KDC code.).
It is hoped that this will speed up the KDC enough that it can again
operate under valgrind.
(This used to be commit e902274321
)
75 lines
2.0 KiB
Plaintext
75 lines
2.0 KiB
Plaintext
dn: @INDEXLIST
|
|
@IDXATTR: name
|
|
@IDXATTR: sAMAccountName
|
|
@IDXATTR: objectSid
|
|
@IDXATTR: objectClass
|
|
@IDXATTR: member
|
|
@IDXATTR: unixID
|
|
@IDXATTR: unixName
|
|
@IDXATTR: privilege
|
|
@IDXATTR: nCName
|
|
|
|
dn: @ATTRIBUTES
|
|
userPrincipalName: CASE_INSENSITIVE
|
|
servicePrincipalName: CASE_INSENSITIVE
|
|
dnsDomain: CASE_INSENSITIVE
|
|
dnsRoot: CASE_INSENSITIVE
|
|
nETBIOSName: CASE_INSENSITIVE
|
|
cn: CASE_INSENSITIVE
|
|
dc: CASE_INSENSITIVE
|
|
name: CASE_INSENSITIVE
|
|
dn: CASE_INSENSITIVE
|
|
sAMAccountName: CASE_INSENSITIVE
|
|
objectClass: CASE_INSENSITIVE
|
|
unicodePwd: HIDDEN
|
|
krb5Key: HIDDEN
|
|
ntPwdHash: HIDDEN
|
|
ntPwdHistory: HIDDEN
|
|
lmPwdHash: HIDDEN
|
|
lmPwdHistory: HIDDEN
|
|
createTimestamp: HIDDEN
|
|
modifyTimestamp: HIDDEN
|
|
groupType: INTEGER
|
|
sAMAccountType: INTEGER
|
|
systemFlags: INTEGER
|
|
userAccountControl: INTEGER
|
|
|
|
dn: @SUBCLASSES
|
|
top: domain
|
|
top: person
|
|
top: group
|
|
domain: domainDNS
|
|
domain: builtinDomain
|
|
person: organizationalPerson
|
|
organizationalPerson: user
|
|
user: computer
|
|
template: userTemplate
|
|
template: groupTemplate
|
|
|
|
# the rootDSE module looks in this record for its base data
|
|
dn: cn=ROOTDSE
|
|
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,${BASEDN}
|
|
dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,${BASEDN}
|
|
namingContexts: ${BASEDN}
|
|
namingContexts: CN=Configuration,${BASEDN}
|
|
namingContexts: CN=Schema,CN=Configuration,${BASEDN}
|
|
defaultNamingContext: ${BASEDN}
|
|
rootDomainNamingContext: ${BASEDN}
|
|
configurationNamingContext: CN=Configuration,${BASEDN}
|
|
schemaNamingContext: CN=Schema,CN=Configuration,${BASEDN}
|
|
supportedLDAPVersion: 3
|
|
supportedSASLMechanisms: GSS-SPNEGO
|
|
dnsHostName: ${DNSNAME}
|
|
ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM}
|
|
serverName: CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,${BASEDN}
|
|
domainFunctionality: 0
|
|
forestFunctionality: 0
|
|
domainControllerFunctionality: 2
|
|
isSynchronized: TRUE
|
|
|
|
#Add modules to the list to activate them by default
|
|
#beware often order is important
|
|
dn: @MODULES
|
|
@LIST: rootdse,samldb,password_hash,operational,objectguid,rdn_name
|
|
|