PATCH: adjust 'net ads add keytab' for windows SPN(s) & add new 'net ads setspn' subcommand

Noel Power nopower at
Mon Feb 5 14:56:10 UTC 2018

On 03/02/18 09:14, Andreas Schneider wrote:
> On Friday, 2 February 2018 14:03:55 CET Stefan Metzmacher via samba-technical 
> wrote:
>> Hi Noel,
>> I haven't looked at the patches, but the above caught my attention.
>> Does 'net ads keytab add' modify any AD objects today?
> It just adds SPNs to the machine account. Nothing else, but we could remove 
> that. However, then we need a 'net ads keytab update' function which checks the
> machine account SPNs and adds missing ones to the local keytab.
It's worth noting that 'net ads keytab create' afaics tries to do just
that if the keytab already exists, e.g. it pulls down all SPN(s) from
the AD computer object, converts those to Kerberos principals and adds
them to the keytab if they are not present. AFAICS existing entries in
the keytab are preserved.

