[Samba] 'Scripted' machine account renewal?!
Marco Gaiarin
gaio at lilliput.linux.it
Mon Feb 26 21:54:10 UTC 2024
Mandi! Kees van Vloten via samba
In chel di` si favelave...
>> For a sake of simplicity i'm thinking to use machine account (-P).
> There is "net changetrustpw" to do this.
Ok, i've missed that. Thanks.
> If you just have a service that does LDAP-queries, I would create an
> ordinary user-account for it (and start it's name e.g. with "svc_").
This is my first options, i was only speculating...
> With this you decide easily how to manage the password. Or if you use
> kerberos for this account, you can set the password with samba-tool to a
> random very long value and use a SPN and keytab for authentication, no
> hassle with passwords at all...
Interesting... i supposed that still Kerberos ticket have to be 'upgraded',
so... there's really a way to generate a 'permanent' kerberos ticket?
Some info on how to do this? Thanks.
--
In amore ci vuole fortuna, ma anche un bel culo non guasta.
(Fabio Fazio)
More information about the samba
mailing list