[PATCH] Change the behavior of ads_verify_ticket when using
keytabs
Dan Sledz
dan.sledz at isilon.com
Wed Jan 28 20:59:53 GMT 2009
Any comments/suggestions/nitpicks?
-----Original Message-----
From: samba-technical-bounces+dan.sledz=isilon.com at lists.samba.org
[mailto:samba-technical-bounces+dan.sledz=isilon.com at lists.samba.org] On
Behalf Of Dan Sledz
Sent: Friday, January 23, 2009 11:00 AM
To: samba-technical at lists.samba.org
Subject: [PATCH] Change the behavior of ads_verify_ticket when using
keytabs
Attached is a patch that gives a little more flexibility to verifying
incoming tickets by adding a notion of a dedicated keytab. The idea is
that this keytab only contains valid principals so we can skip the pre
filtering that is done in ads_keytab_verify_ticket. Isilon node's are
multi-homed so tickets can come in based on several different principals
of which samba has no knowledge.
This also removes the "use kerberos keytab" parameter since it seemed
confusing to have that and the new enum.
More information about the samba-technical
mailing list