samba4 provision dns.keytab generation howto?
Gémes Géza
geza at kzsdabas.hu
Thu Nov 3 01:39:04 MDT 2011
2011-11-03 08:35 keltezéssel, Amitay Isaacs írta:
> Hi Geza,
>
> 2011/11/3 Gémes Géza <geza at kzsdabas.hu <mailto:geza at kzsdabas.hu>>
>
> Hi,
>
> I would like to add (to samba-tool) the ability to export keytabs for
> individual user/spn-s.
> For that I've started studying the code to figure out how the
> dns.keytab
> is generated.
> Unfortunately I couldn't go past
> source4/scripting/python/samba/provision/__init__.py :-(
> What I've found: source4/libnet/libnet_export_keytab.c doesn't
> accept as
> a parameter anything user/spn related and thus exports the whole
> secrets
> database.
>
> Thank you for any pointers to the C/Python code which does
> creates/exports the dns.keytab.
>
> Cheers
>
> Geza
>
>
> dns.keytab is exported automatically by ldb module update_keytab.c. It
> uses
> privateKeytab attribute, which specifies the path to the keytab file.
>
> To export keytab for a principal, you'll need to create a python
> wrapper for krb5_kt_get_entry().
> For usage of krb5_kt_get_entry, check kt_copy() function in
> source4/auth/kerberos/kt_copy.c.
>
> Amitay.
Thank you Amitay!
krb5_kt_get_entry was the function I was looking for!
Cheers
Geza
More information about the samba-technical
mailing list