s4:kdc Push context to hdb_samba4 by way of the 'name' of the DB

[ira/wip.git] / source4 / setup / secrets_dc.ldif

diff --git a/source4/setup/secrets_dc.ldif b/source4/setup/secrets_dc.ldif
index 71c7fc2f5b97afffbf4557ecda1872eb642ab013..b8251eece51ef8d0ed8ffa9f0d8a183b95456234 100644 (file)
--- a/source4/setup/secrets_dc.ldif
+++ b/source4/setup/secrets_dc.ldif
@@ -11,28 +11,14 @@ msDS-KeyVersionNumber: 1
 objectSid: ${DOMAINSID}
 privateKeytab: ${SECRETS_KEYTAB}
 
-# A hook from our credentials system into HDB, as we must be on a KDC,
-# we can look directly into the database.
-dn: samAccountName=krbtgt,flatname=${DOMAIN},CN=Principals
-objectClass: top
-objectClass: secret
-objectClass: kerberosSecret
-flatname: ${DOMAIN}
-realm: ${REALM}
-sAMAccountName: krbtgt
-objectSid: ${DOMAINSID}
-servicePrincipalName: kadmin/changepw
-krb5Keytab: HDB:ldb:${SAM_LDB}:
-#The trailing : here is a HACK, but it matches the Heimdal format. 
-
-# A hook from our credentials system into HDB, as we must be on a KDC,
-# we can look directly into the database.
+#Update a keytab for the external DNS server to use 
 dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals
 objectClass: top
 objectClass: secret
 objectClass: kerberosSecret
 realm: ${REALM}
 servicePrincipalName: DNS/${DNSDOMAIN}
+msDS-KeyVersionNumber: 1
 privateKeytab: ${DNS_KEYTAB}
 secret:: ${DNSPASS_B64}