Author: abartlet Date: 2006-10-16 07:30:49 +0000 (Mon, 16 Oct 2006) New Revision: 19320
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19320 Log: Always make the krb5 keys from the ntPwdHash. When we vampire a domain, we don't have the plaintext, but we need the krb5Key generated. Andrew Bartlett Modified: branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/password_hash.c Changeset: Modified: branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/password_hash.c =================================================================== --- branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/password_hash.c 2006-10-16 05:09:28 UTC (rev 19319) +++ branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/password_hash.c 2006-10-16 07:30:49 UTC (rev 19320) @@ -724,12 +724,6 @@ return ret; } - /* add also kr5 keys based on NT the hash */ - ret = add_krb5_keys_from_NThash(ac->module, msg, smb_krb5_context); - if (ret != LDB_SUCCESS) { - return ret; - } - /* if both the domain properties and the user account controls do not permit * clear text passwords then wipe out the sambaPassword */ user_account_control = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0); @@ -740,6 +734,12 @@ } } + /* add also krb5 keys based on NT the hash (we might have ntPwdHash, but not the cleartext */ + ret = add_krb5_keys_from_NThash(ac->module, msg, smb_krb5_context); + if (ret != LDB_SUCCESS) { + return ret; + } + /* don't touch it if a value is set. It could be an incoming samsync */ if (ldb_msg_find_attr_as_uint64(msg, "pwdLastSet", 0) == 0) { if (set_pwdLastSet(ac->module, msg, 0) != LDB_SUCCESS) {