summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--source4/include/credentials.h1
-rw-r--r--source4/lib/credentials.c22
-rw-r--r--source4/setup/provision.ldif1
-rw-r--r--source4/setup/secrets.ldif2
4 files changed, 25 insertions, 1 deletions
diff --git a/source4/include/credentials.h b/source4/include/credentials.h
index 511b775795..58cc4767ad 100644
--- a/source4/include/credentials.h
+++ b/source4/include/credentials.h
@@ -58,6 +58,7 @@ struct cli_credentials {
struct creds_CredentialState *netlogon_creds;
enum netr_SchannelType secure_channel_type;
+ int kvno;
/* We are flagged to get machine account details from the
* secrets.ldb when we are asked for a username or password */
diff --git a/source4/lib/credentials.c b/source4/lib/credentials.c
index aaaa2cf05d..58a1b8c0e3 100644
--- a/source4/lib/credentials.c
+++ b/source4/lib/credentials.c
@@ -504,6 +504,7 @@ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred)
"realm",
"secureChannelType",
"ntPwdHash",
+ "msDS-KeyVersionNumber",
NULL
};
@@ -594,6 +595,8 @@ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred)
cli_credentials_set_password(cred, password, CRED_SPECIFIED);
}
+ cli_credentials_set_kvno(cred, ldb_msg_find_int(msgs[0], "msDS-KeyVersionNumber", 0));
+
talloc_free(mem_ctx);
return NT_STATUS_OK;
@@ -651,6 +654,25 @@ enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_creden
return cred->secure_channel_type;
}
+/**
+ * Set Kerberos KVNO
+ */
+
+void cli_credentials_set_kvno(struct cli_credentials *cred,
+ int kvno)
+{
+ cred->kvno = kvno;
+}
+
+/**
+ * Return Kerberos KVNO
+ */
+
+int cli_credentials_get_kvno(struct cli_credentials *cred)
+{
+ return cred->kvno;
+}
+
/**
* Fill in a credentials structure as the anonymous user
*/
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index c3968495e4..8ff93dde80 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -617,6 +617,7 @@ isCriticalSystemObject: TRUE
unicodePwd: ${JOINPASS}
servicePrincipalName: HOST/${DNSNAME}
servicePrincipalName: HOST/${NETBIOSNAME}
+msDS-KeyVersionNumber: 1
dn: CN=krbtgt,CN=Users,${BASEDN}
objectClass: top
diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif
index 69360f6bf2..15005163dc 100644
--- a/source4/setup/secrets.ldif
+++ b/source4/setup/secrets.ldif
@@ -28,4 +28,4 @@ secureChannelType: 6
sAMAccountName: ${NETBIOSNAME}$
whenCreated: ${LDAPTIME}
whenChanged: ${LDAPTIME}
-
+msDS-KeyVersionNumber: 1