[PATCH] samba3-keytab

[Luke Howard]

>>As far as I am aware, the servicePrincipalName can be set over LDAP
>>when an entry is added, but can only be modified using the
>>WriteAccountSpn RPC.
>wasn't that way in the past...I've definitely seen ldapmodify with add
>attributes of dnshostname and serviceprincipalname.  The doc says you can't
>do it, but WinXPsp1a does it...and win2kserver sp2 and sp3 allow it.

You're right -- I just tried against Windows 2003.

I wonder whether the documentation or the behavior is "correct". Certainly
some attributes, such as sAMAccountType, are not user modifiable.

-- Luke