svn commit: samba r15181 - in
branches/SAMBA_4_0/source/libcli/ldap: .
idra at samba.org
idra at samba.org
Sun Apr 23 17:22:33 GMT 2006
Author: idra
Date: 2006-04-23 17:22:32 +0000 (Sun, 23 Apr 2006)
New Revision: 15181
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15181
Log:
Don't try kerberos sign/seal when in SSL
Modified:
branches/SAMBA_4_0/source/libcli/ldap/ldap_bind.c
Changeset:
Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap_bind.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/ldap/ldap_bind.c 2006-04-23 15:39:32 UTC (rev 15180)
+++ branches/SAMBA_4_0/source/libcli/ldap/ldap_bind.c 2006-04-23 17:22:32 UTC (rev 15181)
@@ -25,6 +25,7 @@
#include "includes.h"
#include "libcli/ldap/ldap.h"
#include "libcli/ldap/ldap_client.h"
+#include "lib/tls/tls.h"
#include "auth/auth.h"
static struct ldap_message *new_ldap_simple_bind_msg(struct ldap_connection *conn,
@@ -173,7 +174,11 @@
goto failed;
}
- gensec_want_feature(conn->gensec, 0 | GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);
+ /* require Kerberos SIGN/SEAL only if we don't use SSL
+ * Windows seem not to like double encryption */
+ if (conn->tls == NULL || (! tls_enabled(conn->tls))) {
+ gensec_want_feature(conn->gensec, 0 | GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);
+ }
status = gensec_set_credentials(conn->gensec, creds);
if (!NT_STATUS_IS_OK(status)) {
More information about the samba-cvs
mailing list