svn commit: samba r19321 - in
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
abartlet at samba.org
abartlet at samba.org
Mon Oct 16 07:32:22 GMT 2006
Author: abartlet
Date: 2006-10-16 07:32:22 +0000 (Mon, 16 Oct 2006)
New Revision: 19321
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19321
Log:
Merge from release branch:
Always set the krb5key from the ntPwdHash, even if we don't have the
cleartext password in sambaPassword. This fixes kerberos after a
vampire.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c 2006-10-16 07:30:49 UTC (rev 19320)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c 2006-10-16 07:32:22 UTC (rev 19321)
@@ -724,12 +724,6 @@
return ret;
}
- /* add also kr5 keys based on NT the hash */
- ret = add_krb5_keys_from_NThash(ac->module, msg, smb_krb5_context);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
-
/* if both the domain properties and the user account controls do not permit
* clear text passwords then wipe out the sambaPassword */
user_account_control = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0);
@@ -740,6 +734,12 @@
}
}
+ /* add also krb5 keys based on NT the hash (we might have ntPwdHash, but not the cleartext */
+ ret = add_krb5_keys_from_NThash(ac->module, msg, smb_krb5_context);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
/* don't touch it if a value is set. It could be an incoming samsync */
if (ldb_msg_find_attr_as_uint64(msg, "pwdLastSet", 0) == 0) {
if (set_pwdLastSet(ac->module, msg, 0) != LDB_SUCCESS) {
More information about the samba-cvs
mailing list