-rw-r--r-- | source4/include/credentials.h | 1 | ||||
-rw-r--r-- | source4/lib/credentials.c | 22 | ||||
-rw-r--r-- | source4/setup/provision.ldif | 1 | ||||
-rw-r--r-- | source4/setup/secrets.ldif | 2 |
4 files changed, 25 insertions, 1 deletions
diff --git a/source4/include/credentials.h b/source4/include/credentials.h index 511b775795..58cc4767ad 100644 --- a/source4/include/credentials.h +++ b/source4/include/credentials.h @@ -58,6 +58,7 @@ struct cli_credentials { struct creds_CredentialState *netlogon_creds; enum netr_SchannelType secure_channel_type; + int kvno; /* We are flagged to get machine account details from the * secrets.ldb when we are asked for a username or password */ diff --git a/source4/lib/credentials.c b/source4/lib/credentials.c index aaaa2cf05d..58a1b8c0e3 100644 --- a/source4/lib/credentials.c +++ b/source4/lib/credentials.c @@ -504,6 +504,7 @@ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred) "realm", "secureChannelType", "ntPwdHash", + "msDS-KeyVersionNumber", NULL }; @@ -594,6 +595,8 @@ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred) cli_credentials_set_password(cred, password, CRED_SPECIFIED); } + cli_credentials_set_kvno(cred, ldb_msg_find_int(msgs[0], "msDS-KeyVersionNumber", 0)); + talloc_free(mem_ctx); return NT_STATUS_OK; @@ -651,6 +654,25 @@ enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_creden return cred->secure_channel_type; } +/** + * Set Kerberos KVNO + */ + +void cli_credentials_set_kvno(struct cli_credentials *cred, + int kvno) +{ + cred->kvno = kvno; +} + +/** + * Return Kerberos KVNO + */ + +int cli_credentials_get_kvno(struct cli_credentials *cred) +{ + return cred->kvno; +} + /** * Fill in a credentials structure as the anonymous user */ diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index c3968495e4..8ff93dde80 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -617,6 +617,7 @@ isCriticalSystemObject: TRUE unicodePwd: ${JOINPASS} servicePrincipalName: HOST/${DNSNAME} servicePrincipalName: HOST/${NETBIOSNAME} +msDS-KeyVersionNumber: 1 dn: CN=krbtgt,CN=Users,${BASEDN} objectClass: top 
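Review bot: In the second credentials.c hunk, `ldb_msg_find_int(msgs[0], "msDS-KeyVersionNumber", 0)` turns a missing attribute into kvno 0, so a secrets.ldb record written before this change cannot be told apart from one that really stores 0. A caller that later uses the kvno to select a key would then silently work with a version number that was never recorded. Consider a debug message when the attribute is absent and a comment at the call such as `/* 0 means no key version is recorded in secrets.ldb */`. cli_credentials_set_machine_account starts and ends outside this hunk, so whether its earlier error returns leave `cred->kvno` at a defined initial value cannot be checked from here.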
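Review bot: cli_credentials_get_kvno returns `cred->kvno` directly, while the struct comment visible in the credentials.h hunk says machine-account details are fetched from secrets.ldb only when a username or password is asked for. If the kvno is read before that load has happened, it would presumably return the initial value rather than the stored one. Either the getter should trigger the same pending machine-account load as the other getters (their bodies are not visible here, so this needs confirming), or the doc comment should state the precondition, e.g. `Return Kerberos KVNO (valid only after the machine account has been loaded; 0 if not recorded)`. The setter's comment could likewise say that 0 stands for "unknown".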
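Review bot: `msDS-KeyVersionNumber: 1` is hard-coded in the provision.ldif hunk and again in the source4/setup/secrets.ldif hunk, so the directory copy and the local secrets copy agree only as long as nothing changes the machine password. Nothing in this commit increments either value on a password change. If such code exists elsewhere it should update both records together, otherwise the stored kvno will stop matching the key actually in use. If the template format allows comment lines, a short note next to the attribute in both files would help, e.g. `# keep in step with msDS-KeyVersionNumber in secrets.ldif`.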
diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif index 69360f6bf2..15005163dc 100644 --- a/source4/setup/secrets.ldif +++ b/source4/setup/secrets.ldif @@ -28,4 +28,4 @@ secureChannelType: 6 sAMAccountName: ${NETBIOSNAME}$ whenCreated: ${LDAPTIME} whenChanged: ${LDAPTIME} - +msDS-KeyVersionNumber: 1 |