svn commit: samba r19320 - in branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules: .

[abartlet at samba.org]

Author: abartlet
Date: 2006-10-16 07:30:49 +0000 (Mon, 16 Oct 2006)
New Revision: 19320

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19320

Log:
Always make the krb5 keys from the ntPwdHash.  When we vampire a
domain, we don't have the plaintext, but we need the krb5Key
generated.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/password_hash.c


Changeset:
Modified: branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/password_hash.c
===================================================================
--- branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/password_hash.c	2006-10-16 05:09:28 UTC (rev 19319)
+++ branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/password_hash.c	2006-10-16 07:30:49 UTC (rev 19320)
@@ -724,12 +724,6 @@
 			return ret;
 		}
 		
-		/* add also kr5 keys based on NT the hash */
-		ret = add_krb5_keys_from_NThash(ac->module, msg, smb_krb5_context);
-		if (ret != LDB_SUCCESS) {
-			return ret;
-		}
-		
 		/* if both the domain properties and the user account controls do not permit
 		 * clear text passwords then wipe out the sambaPassword */
 		user_account_control = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0);
@@ -740,6 +734,12 @@
 		}
 	}
 
+	/* add also krb5 keys based on NT the hash (we might have ntPwdHash, but not the cleartext */
+	ret = add_krb5_keys_from_NThash(ac->module, msg, smb_krb5_context);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+		
 	/* don't touch it if a value is set. It could be an incoming samsync */
 	if (ldb_msg_find_attr_as_uint64(msg, "pwdLastSet", 0) == 0) {
 		if (set_pwdLastSet(ac->module, msg, 0) != LDB_SUCCESS) {