Judging by set_password_with_computer_creds() found in adcli library/adenroll.c the answer to my question is yes. I was wondering if kadmin could be used to rotate a machine's password against an AD KDC, but that doesn't appear to be an option. I guess I should try to learn clang so that I can better understand the "magic" behind this method. This inquiry was partly prompted by a desire to use adcli update to force a machine password change and to overcome adcli's refusal to do so: * Password not too old, no change needed
I was able to overcome this by adding a new SPN to the computer account with --add-service-principal=<..> however I was hoping to change the machine password every minute if needed, simply for debug purposes. Adding and removing SPNs is not a terrible solution however it would be nice to have a --force option. That said, I really have nothing to complain about. I sincerely want to thank you for developing sssd and ancillary tools such as adcli. -- _______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
