samba4 provision dns.keytab generation howto?

Amitay Isaacs amitay at gmail.com
Thu Nov 3 01:35:17 MDT 2011


Hi Geza,

2011/11/3 Gémes Géza <geza at kzsdabas.hu>

> Hi,
>
> I would like to add (to samba-tool) the ability to export keytabs for
> individual user/spn-s.
> For that I've started studying the code to figure out how the dns.keytab
> is generated.
> Unfortunately I couldn't go past
> source4/scripting/python/samba/provision/__init__.py :-(
> What I've found: source4/libnet/libnet_export_keytab.c doesn't accept as
> a parameter anything user/spn related and thus exports the whole secrets
> database.
>
> Thank you for any pointers to the C/Python code which does
> creates/exports the dns.keytab.
>
> Cheers
>
> Geza
>

dns.keytab is exported automatically by ldb module update_keytab.c. It uses
privateKeytab attribute, which specifies the path to the keytab file.

To export keytab for a principal, you'll need to create a python wrapper
for krb5_kt_get_entry().
For usage of krb5_kt_get_entry, check kt_copy() function in
source4/auth/kerberos/kt_copy.c.

Amitay.


More information about the samba-technical mailing list