source/setup/secrets.ldif

   1 dn: CN=LSA Secrets
   2 objectClass: top
   3 objectClass: container
   4 cn: LSA Secrets
   5
   6 dn: CN=Primary Domains
   7 objectClass: top
   8 objectClass: container
   9 cn: Primary Domains
  10
  11 dn: flatname=${DOMAIN},CN=Primary Domains
  12 objectClass: top
  13 objectClass: primaryDomain
  14 objectClass: kerberosSecret
  15 flatname: ${DOMAIN}
  16 realm: ${REALM}
  17 secret: ${MACHINEPASS}
  18 secureChannelType: 6
  19 sAMAccountName: ${NETBIOSNAME}$
  20 whenCreated: ${LDAPTIME}
  21 whenChanged: ${LDAPTIME}
  22 msDS-KeyVersionNumber: 1
  23 objectSid: ${DOMAINSID}
  24 privateKeytab: ${SECRETS_KEYTAB}
  25
  26 # A hook from our credentials system into HDB, as we must be on a KDC,
  27 # we can look directly into the database.
  28 dn: samAccountName=krbtgt,flatname=${DOMAIN},CN=Principals
  29 objectClass: top
  30 objectClass: secret
  31 objectClass: kerberosSecret
  32 flatname: ${DOMAIN}
  33 realm: ${REALM}
  34 sAMAccountName: krbtgt
  35 whenCreated: ${LDAPTIME}
  36 whenChanged: ${LDAPTIME}
  37 objectSid: ${DOMAINSID}
  38 servicePrincipalName: kadmin/changepw
  39 krb5Keytab: HDB:ldb:${SAM_LDB}:
  40 #The trailing : here is a HACK, but it matches the Heimdal format.