|
|
The branch, v4-0-test has been updated
via 88970c4d4192635544cf63e79e929e9bb05ecb5f (commit)
from 7e90cc197c4fb2884f368cd72f391d0d8016fb96 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -----------------------------------------------------------------
commit 88970c4d4192635544cf63e79e929e9bb05ecb5f
Author: Stefan Metzmacher <metze@xxxxxxxxx>
Date: Mon Jul 28 09:29:42 2008 +0200
auth/credentials: explain why we need to the enctypes for the gssapi layer
metze
-----------------------------------------------------------------------
Summary of changes:
source/auth/credentials/credentials_krb5.c | 12 +++++++++++-
1 files changed, 11 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/auth/credentials/credentials_krb5.c
b/source/auth/credentials/credentials_krb5.c
index c4c5839..1a2d5fa 100644
--- a/source/auth/credentials/credentials_krb5.c
+++ b/source/auth/credentials/credentials_krb5.c
@@ -392,7 +392,17 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct
cli_credentials *cred,
return ret;
}
- /* transfer the enctypes from the smb_krb5_context to the gssapi layer
*/
+ /*
+ * transfer the enctypes from the smb_krb5_context to the gssapi layer
+ *
+ * We use 'our' smb_krb5_context to do the AS-REQ and it is possible
+ * to configure the enctypes via the krb5.conf.
+ *
+ * And the gss_init_sec_context() creates it's own krb5_context and
+ * the TGS-REQ had all enctypes in it and only the ones configured
+ * and used for the AS-REQ, so it wasn't possible to disable the usage
+ * of AES keys.
+ */
min_stat =
krb5_get_default_in_tkt_etypes(ccache->smb_krb5_context->krb5_context,
&etypes);
if (min_stat == 0) {
--
Samba Shared Repository
|
|