[Samba] net ads commands and princs in krb5.keytab

Rick Brown Rick.Brown at oit.gatech.edu
Thu Dec 2 16:33:04 GMT 2004


I don't think this is possible, but it should be!

I want to use net ads commands for administrators on the command line
without including the domain admin accounts password.

Currently, I'm doing so via command lines such as:
net ads password username at .AD.DOMAIN.EDU \
	-U admin_user at AD.DOMAIN.EDU%admin_password users_new_password

/net ads search sAMAccountName=username \
	-U admin_user at AD.DOMAIN.EDU%admin_password

I can't stand having to include admin passwords on the command line,
and worse yet in the php scripts that call 'em.

What I'd prefer is to be able to use a krb5 princ in
/etc/krb5.keytab such as one would with kinit or kadmin with -p
and -k arguments.   Is this currently possible (but undocumented),
or planned for future development?

[         Rick Brown               ][      (404) 894-6175           ]
[ Office of Information Technology ][    rick at oit.gatech.edu 	    ]
[ Georgia Institute of Technology  ][  258 4th street. Atlanta, GA  ]


More information about the samba mailing list