s3:libads: Remove specifier for 'host' principal from 'sync machine password to keytab'
authorPavel Filipenský <pfilipensky@samba.org>
Fri, 14 Feb 2025 16:28:54 +0000 (17:28 +0100)
committerJule Anger <janger@samba.org>
Mon, 17 Feb 2025 09:53:26 +0000 (09:53 +0000)
Use specifier 'spn_prefixes=host' instead of 'host'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15759

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit ccc3b2b2fba7b5d223c79bffc0f655490aed19cf)

selftest/target/Samba3.pm
source3/libads/kerberos_keytab.c
source3/script/tests/test_update_keytab.sh

index cc4498ff36e3ec55d1051dc6839014544b0f935b..6650690fbb7e0d26f3921b5e8c38c7f200a450aa 100755 (executable)
@@ -804,11 +804,11 @@ sub provision_ad_member
        \"$prefix_abs/keytab0k:account_name:sync_kvno:machine_password:sync_etypes\", \\
        \"$prefix_abs/keytab1:sync_spns:machine_password:sync_etypes\", \\
        \"$prefix_abs/keytab1k:sync_spns:sync_kvno:machine_password:sync_etypes\", \\
-       \"$prefix_abs/keytab2:spn_prefixes=imap,smtp:additional_dns_hostnames:netbios_aliases:machine_password:sync_etypes\", \\
-       \"$prefix_abs/keytab2k:spn_prefixes=imap,smtp:additional_dns_hostnames:sync_kvno:machine_password:sync_etypes\", \\
+       \"$prefix_abs/keytab2:spn_prefixes=host,imap,smtp:additional_dns_hostnames:netbios_aliases:machine_password:sync_etypes\", \\
+       \"$prefix_abs/keytab2k:spn_prefixes=host,imap,smtp:additional_dns_hostnames:sync_kvno:machine_password:sync_etypes\", \\
        \"$prefix_abs/keytab3:spns=wurst/brot\@$dcvars->{REALM}:machine_password:sync_etypes\", \\
        \"$prefix_abs/keytab3k:spns=wurst/brot\@$dcvars->{REALM},wurst1/brot\@$dcvars->{REALM},wurst2/brot\@$dcvars->{REALM}:sync_kvno:machine_password:sync_etypes\", \\
-       \"$prefix_abs/keytab4k:account_name:sync_account_name:spn_prefixes=imap,smtp:additional_dns_hostnames:netbios_aliases:spns=wurst/brot\@$dcvars->{REALM},wurst1/brot\@$dcvars->{REALM},wurst2/brot\@$dcvars->{REALM}:sync_kvno:machine_password:sync_etypes\"
+       \"$prefix_abs/keytab4k:account_name:sync_account_name:spn_prefixes=host,imap,smtp:additional_dns_hostnames:netbios_aliases:spns=wurst/brot\@$dcvars->{REALM},wurst1/brot\@$dcvars->{REALM},wurst2/brot\@$dcvars->{REALM}:sync_kvno:machine_password:sync_etypes\"
        ";
        }
 
index 619a7bda0d49703ce0d1b5739ec40ca7dcef229e..5913db299adfdc4cb97cff7735437906b7ee8f48 100644 (file)
@@ -44,7 +44,6 @@
 enum spn_spec_type {
        SPN_SPEC_ACCOUNT_NAME,
        SPN_SPEC_SYNC_ACCOUNT_NAME,
-       SPN_SPEC_HOST,
        SPN_SPEC_SYNC_UPN,
        SPN_SPEC_SYNC_SPNS,
        SPN_SPEC_FULL,
@@ -164,8 +163,6 @@ static ADS_STATUS pw2kt_scan_spec(TALLOC_CTX *ctx,
        } else if (strequal(option, "sync_account_name")) {
                spec_type = SPN_SPEC_SYNC_ACCOUNT_NAME;
                gstate->sync_sam_account = true;
-       } else if (strequal(option, "host")) {
-               spec_type = SPN_SPEC_HOST;
        } else if (strequal(option, "sync_upn")) {
                spec_type = SPN_SPEC_SYNC_UPN;
                gstate->sync_upn = true;
@@ -251,9 +248,6 @@ static ADS_STATUS pw2kt_scan_line(const char *line,
        *olist = 0;
        olist++;
 
-       /* Always add 'host' principal */
-       desc->spec_array[SPN_SPEC_HOST].is_set = true;
-
        /* Entries are separated via ':' */
        while ((tmp = strchr_m(olist, ':')) != NULL) {
                *tmp = 0;
@@ -275,7 +269,8 @@ static ADS_STATUS pw2kt_scan_line(const char *line,
 /*
  * Fill struct pw2kt_global_state with defaults if
  * "sync machine password to keytab" is missing in smb.conf
- * Creates 1 keytab with 3 SPN specifiers (sync_spns, account_name, host).
+ * Creates 1 keytab with these SPN specifiers:
+ *   sync_spns:account_name:spn_prefixes=host:sync_kvno:machine_password
  */
 static ADS_STATUS pw2kt_default_cfg(const char *name,
                                    struct pw2kt_global_state *state)
@@ -302,9 +297,11 @@ static ADS_STATUS pw2kt_default_cfg(const char *name,
 
        desc->spec_array[SPN_SPEC_SYNC_SPNS].is_set = true;
        desc->spec_array[SPN_SPEC_ACCOUNT_NAME].is_set = true;
-       desc->spec_array[SPN_SPEC_HOST].is_set = true;
+       desc->spec_array[SPN_SPEC_PREFIX].is_set = true;
 
-       return ADS_SUCCESS;
+       return pw2kt_add_val(state->keytabs,
+                            &desc->spec_array[SPN_SPEC_PREFIX],
+                            "host");
 }
 
 /*
@@ -590,12 +587,6 @@ static ADS_STATUS pw2kt_process_specifier(struct pw2kt_global_state *gstate,
        case SPN_SPEC_SYNC_ACCOUNT_NAME:
                ADD_INFO(gstate->ad_sam_account);
                break;
-       case SPN_SPEC_HOST:
-               status = pw2kt_add_prefix(gstate, state2, keytabptr, "host");
-               if (!ADS_ERR_OK(status)) {
-                       return status;
-               }
-               break;
        case SPN_SPEC_SYNC_UPN:
                if (gstate->ad_upn != NULL) {
                        ADD_INFO(gstate->ad_upn);
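Review bot: Removing the unconditional `desc->spec_array[SPN_SPEC_HOST].is_set = true;` from pw2kt_scan_line means an existing `sync machine password to keytab` line that does not list `spn_prefixes=host` will now produce a keytab with no `host/` entries, and nothing in the hunk records that this is a compatibility change. Only the built-in default in pw2kt_default_cfg keeps the host principal, via `pw2kt_add_val(state->keytabs, &desc->spec_array[SPN_SPEC_PREFIX], "host")`; explicitly configured keytabs silently lose those entries, which can stop services relying on the host SPN from authenticating until the admin updates the option. I would add a comment above the ':' loop, `/* No implicit SPNs: 'host' entries are written only when the line lists spn_prefixes=host. */`, and mention the behaviour change in the parameter documentation and the commit message unless that is covered elsewhere in the series. pw2kt_scan_line and pw2kt_process_specifier both begin and end outside their hunks.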
index 82c64984787f4b28c6a9095719b06b3ca6973c69..21edf8b8882e4936e230f3f40afdb039f88dc353 100755 (executable)
@@ -40,48 +40,18 @@ keytab0="\
  -2  aes256-cts-hmac-sha1-96                     ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM
  -3  aes128-cts-hmac-sha1-96                     ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM
  -3  aes256-cts-hmac-sha1-96                     ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM
- -1  arcfour-hmac-md5                            host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
- -2  arcfour-hmac-md5                            host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
- -3  arcfour-hmac-md5                            host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
- -1  aes128-cts-hmac-sha1-96                     host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
- -1  aes256-cts-hmac-sha1-96                     host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
- -2  aes128-cts-hmac-sha1-96                     host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
- -2  aes256-cts-hmac-sha1-96                     host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
- -3  aes128-cts-hmac-sha1-96                     host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
- -3  aes256-cts-hmac-sha1-96                     host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
- -1  arcfour-hmac-md5                            host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
- -2  arcfour-hmac-md5                            host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
- -3  arcfour-hmac-md5                            host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
- -1  aes128-cts-hmac-sha1-96                     host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
- -1  aes256-cts-hmac-sha1-96                     host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
- -2  aes128-cts-hmac-sha1-96                     host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
- -2  aes256-cts-hmac-sha1-96                     host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
- -3  aes128-cts-hmac-sha1-96                     host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
- -3  aes256-cts-hmac-sha1-96                     host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
 ";
 
 keytab0k="\
   4  aes256-cts-hmac-sha1-96                     ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM
   5  aes256-cts-hmac-sha1-96                     ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM
   6  aes256-cts-hmac-sha1-96                     ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM
-  4  aes256-cts-hmac-sha1-96                     host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
-  5  aes256-cts-hmac-sha1-96                     host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
-  6  aes256-cts-hmac-sha1-96                     host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
-  4  aes256-cts-hmac-sha1-96                     host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
-  5  aes256-cts-hmac-sha1-96                     host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
-  6  aes256-cts-hmac-sha1-96                     host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
 ";
 
 keytab1="\
- -1  aes256-cts-hmac-sha1-96                     host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
- -2  aes256-cts-hmac-sha1-96                     host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
- -3  aes256-cts-hmac-sha1-96                     host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
  -1  aes256-cts-hmac-sha1-96                     HOST/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
  -2  aes256-cts-hmac-sha1-96                     HOST/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
  -3  aes256-cts-hmac-sha1-96                     HOST/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
- -1  aes256-cts-hmac-sha1-96                     host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
- -2  aes256-cts-hmac-sha1-96                     host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
- -3  aes256-cts-hmac-sha1-96                     host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
  -1  aes256-cts-hmac-sha1-96                     HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
  -2  aes256-cts-hmac-sha1-96                     HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
  -3  aes256-cts-hmac-sha1-96                     HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
@@ -118,15 +88,9 @@ keytab1="\
 ";
 
 keytab1k="\
-  4  aes256-cts-hmac-sha1-96                     host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
-  5  aes256-cts-hmac-sha1-96                     host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
-  6  aes256-cts-hmac-sha1-96                     host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
   4  aes256-cts-hmac-sha1-96                     HOST/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
   5  aes256-cts-hmac-sha1-96                     HOST/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
   6  aes256-cts-hmac-sha1-96                     HOST/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
-  4  aes256-cts-hmac-sha1-96                     host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
-  5  aes256-cts-hmac-sha1-96                     host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
-  6  aes256-cts-hmac-sha1-96                     host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
   4  aes256-cts-hmac-sha1-96                     HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
   5  aes256-cts-hmac-sha1-96                     HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
   6  aes256-cts-hmac-sha1-96                     HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
@@ -295,24 +259,12 @@ keytab2k="\
 ";
 
 keytab3="\
- -1  aes256-cts-hmac-sha1-96                     host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
- -2  aes256-cts-hmac-sha1-96                     host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
- -3  aes256-cts-hmac-sha1-96                     host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
- -1  aes256-cts-hmac-sha1-96                     host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
- -2  aes256-cts-hmac-sha1-96                     host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
- -3  aes256-cts-hmac-sha1-96                     host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
  -1  aes256-cts-hmac-sha1-96                     wurst/brot@ADDOM.SAMBA.EXAMPLE.COM
  -2  aes256-cts-hmac-sha1-96                     wurst/brot@ADDOM.SAMBA.EXAMPLE.COM
  -3  aes256-cts-hmac-sha1-96                     wurst/brot@ADDOM.SAMBA.EXAMPLE.COM
 ";
 
 keytab3k="\
-  4  aes256-cts-hmac-sha1-96                     host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
-  5  aes256-cts-hmac-sha1-96                     host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
-  6  aes256-cts-hmac-sha1-96                     host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM
-  4  aes256-cts-hmac-sha1-96                     host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
-  5  aes256-cts-hmac-sha1-96                     host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
-  6  aes256-cts-hmac-sha1-96                     host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM
   4  aes256-cts-hmac-sha1-96                     wurst1/brot@ADDOM.SAMBA.EXAMPLE.COM
   5  aes256-cts-hmac-sha1-96                     wurst1/brot@ADDOM.SAMBA.EXAMPLE.COM
   6  aes256-cts-hmac-sha1-96                     wurst1/brot@ADDOM.SAMBA.EXAMPLE.COM