Initial implementation of security descriptor creation in DS

[ira/wip.git] / source4 / setup / secrets_dc.ldif

diff --git a/source4/setup/secrets_dc.ldif b/source4/setup/secrets_dc.ldif
index 8ae5578e6b4f6820762d4435e3148ebb9e4b6263..b8251eece51ef8d0ed8ffa9f0d8a183b95456234 100644 (file)
--- a/source4/setup/secrets_dc.ldif
+++ b/source4/setup/secrets_dc.ldif
@@ -11,22 +11,7 @@ msDS-KeyVersionNumber: 1
 objectSid: ${DOMAINSID}
 privateKeytab: ${SECRETS_KEYTAB}
 
-# A hook from our credentials system into HDB, as we must be on a KDC,
-# we can look directly into the database.
-dn: samAccountName=krbtgt,flatname=${DOMAIN},CN=Principals
-objectClass: top
-objectClass: secret
-objectClass: kerberosSecret
-flatname: ${DOMAIN}
-realm: ${REALM}
-sAMAccountName: krbtgt
-objectSid: ${DOMAINSID}
-servicePrincipalName: kadmin/changepw
-krb5Keytab: HDB:samba4:${SAM_LDB}:
-#The trailing : here is a HACK, but it matches the Heimdal format. 
-
-# A hook from our credentials system into HDB, as we must be on a KDC,
-# we can look directly into the database.
+#Update a keytab for the external DNS server to use 
 dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals
 objectClass: top
 objectClass: secret