|
|
Andrew Bartlett schrieb:
> On Tue, 2008-01-22 at 12:16 +0100, Stefan (metze) Metzmacher wrote:
>> Andrew,
>>
>> please commit this in small pieces using 'git add -i'
>> and check with 'git diff --cached' what is selected for the next
>> commit.
>
>>>> diff --git a/source/libnet/libnet_become_dc.c
>>>> b/source/libnet/libnet_become_dc.c
>>>> index 862631f..c9185c7 100644
>>>> --- a/source/libnet/libnet_become_dc.c
>>>> +++ b/source/libnet/libnet_become_dc.c
>>>> @@ -1514,10 +1514,10 @@ static void becomeDC_drsuapi_connect_send(struct
>>>> libnet_BecomeDC_state *s,
>>>>
>>>> if (!drsuapi->binding) {
>>>> if (lp_parm_bool(s->libnet->lp_ctx, NULL, "become_dc", "print",
>>>> false)) {
>>>> - binding_str = talloc_asprintf(s,
>>>> "ncacn_ip_tcp:%s[krb5,print,seal]", s->source_dsa.dns_name);
>>>> + binding_str = talloc_asprintf(s,
>>>> "ncacn_ip_tcp:%s[print,seal]", s->source_dsa.dns_name);
>>>> if (composite_nomem(binding_str, c)) return;
>>>> } else {
>>>> - binding_str = talloc_asprintf(s,
>>>> "ncacn_ip_tcp:%s[krb5,seal]", s->source_dsa.dns_name);
>>>> + binding_str = talloc_asprintf(s,
>>>> "ncacn_ip_tcp:%s[seal]", s->source_dsa.dns_name);
>>>> if (composite_nomem(binding_str, c)) return;
>>>> }
>>>> c->status = dcerpc_parse_binding(s, binding_str,
>>>> &drsuapi->binding);
>> Is this change really needed?
>> We should really use krb5.
>
> For some reason I was having trouble with krb5, so I disabled it on the
> command line with -kno. I had to change this to allow that to be
> honoured.
>
> I think the correct place to handle this setting is in the credentials
> subsystem (which reads the -kyes or -kno from the command line).
>
> We try SPNEGO first, then NTLMSSP as a fallback in the RPC connection
> code.
The reason I added this was that I wanted to do the same as windows
and windows uses the krb5 rpc auth mech (16) and not spnego.
metze
|
|