On Tue, 2008-01-22 at 12:45 +0100, Stefan (metze) Metzmacher wrote:
> Andrew Bartlett wrote:
> > On Tue, 2008-01-22 at 12:16 +0100, Stefan (metze) Metzmacher wrote:
> >> Andrew,
> >>
> >> please commit this in small pieces using 'git add -i'
> >> and check with 'git diff --cached' what is selected for the next
> >> commit.
> >
> >>>> diff --git a/source/libnet/libnet_become_dc.c
> >>>> b/source/libnet/libnet_become_dc.c
> >>>> index 862631f..c9185c7 100644
> >>>> --- a/source/libnet/libnet_become_dc.c
> >>>> +++ b/source/libnet/libnet_become_dc.c
> >>>> @@ -1514,10 +1514,10 @@ static void becomeDC_drsuapi_connect_send(struct
> >>>> libnet_BecomeDC_state *s,
> >>>>
> >>>> if (!drsuapi->binding) {
> >>>> if (lp_parm_bool(s->libnet->lp_ctx, NULL, "become_dc",
> >>>> "print", false)) {
> >>>> - binding_str = talloc_asprintf(s,
> >>>> "ncacn_ip_tcp:%s[krb5,print,seal]", s->source_dsa.dns_name);
> >>>> + binding_str = talloc_asprintf(s,
> >>>> "ncacn_ip_tcp:%s[print,seal]", s->source_dsa.dns_name);
> >>>> if (composite_nomem(binding_str, c)) return;
> >>>> } else {
> >>>> - binding_str = talloc_asprintf(s,
> >>>> "ncacn_ip_tcp:%s[krb5,seal]", s->source_dsa.dns_name);
> >>>> + binding_str = talloc_asprintf(s,
> >>>> "ncacn_ip_tcp:%s[seal]", s->source_dsa.dns_name);
> >>>> if (composite_nomem(binding_str, c)) return;
> >>>> }
> >>>> c->status = dcerpc_parse_binding(s, binding_str,
> >>>> &drsuapi->binding);
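Review bot: In both branches of the `if (!drsuapi->binding)` block the `krb5` flag is removed from the binding string unconditionally, so every caller of becomeDC_drsuapi_connect_send loses the explicit Kerberos request, not only one that asked for it to be turned off, and nothing in the hunk records why. Consider keeping `krb5` as the default and leaving it out only when the caller's credentials say Kerberos must not be used, building the option list once instead of maintaining two near-identical format strings that differ only in `print`. If the unconditional removal is intended, a short comment above the `talloc_asprintf()` calls stating which mechanism the connection is now expected to end up with would make the security impact of the change reviewable.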
> >> Is this change really needed?
> >> We should really use krb5.
> >
> > For some reason I was having trouble with krb5, so I disabled it on the
> > command line with -kno. I had to change this to allow that to be
> > honoured.
> >
> > I think the correct place to handle this setting is in the credentials
> > subsystem (which reads the -kyes or -kno from the command line).
> >
> > We try SPNEGO first, then NTLMSSP as a fallback in the RPC connection
> > code.
>
> The reason I added this was that I wanted to do the same as Windows
> and Windows uses the krb5 rpc auth mech (16) and not spnego.

What would you like me to do? I would like to keep this consistent with
the rest of the code, if possible. How should we consistently indicate
the use of auth type 16 (rather than SPNEGO, possibly restricted to
kerberos)?

Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.