From: Pavel Filipenský Date: Mon, 12 Feb 2024 09:25:06 +0000 (+0100) Subject: WHATSNEW: Automatic keytab update after machine password changes X-Git-Tag: tdb-1.4.11~10 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e61f53b656f074a80ae66dfda776b56b03cc9918;p=thirdparty%2Fsamba.git WHATSNEW: Automatic keytab update after machine password changes BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750 Signed-off-by: Pavel Filipenský Reviewed-by: Stefan Metzmacher Autobuild-User(master): Pavel Filipensky Autobuild-Date(master): Fri Jul 26 18:16:15 UTC 2024 on atb-devel-224 --- diff --git a/WHATSNEW.txt b/WHATSNEW.txt index d366393249a..7e283f6031a 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -183,10 +183,27 @@ groups. To apply a veto or hide directive to a filename for a specific user or group, prefix the filename with "../USERNAME/" or "../GROUPNAME/". For details consult the updated smb.conf manpage. +Automatic keytab update after machine password change +----------------------------------------------------- + +When machine account password is updated, either by winbind doing regular +updates or manually (e.g. net ads changetrustpw), now winbind will also support +update of keytab entries in case you use newly added option +'sync machine password to keytab'. +The new parameter allows you to describe what keytabs and how should be updated. +A new parameter 'sync machine password script' allows to specify external script +that will be triggered after the automatic keytab update. For detailed +information check the smb.conf manpage. REMOVED FEATURES ================ +Following commands are removed: + +net ads keytab add +net ads keytab delete +net ads keytab add_update_ads + smb.conf changes ================ @@ -205,6 +222,8 @@ smb.conf changes write list Hardening veto files Added per-user and per-group vetos hide files Added per-user and per-group hides + sync machine password to keytab keytabs + sync machine password script script KNOWN ISSUES