[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Wed Jul 20 04:13:03 MDT 2011 

The branch, master has been updated
       via  8d159e9 s4:kdc: restore the behavior before the last heimdal import
      from  481f05c s3-gse Work around the MIT 1.9 gss_krb5_import_cred

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 8d159e9de108f2ccd107676a68802d90b95e5e7a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 20 10:22:10 2011 +0200

    s4:kdc: restore the behavior before the last heimdal import
    
    metze
    
    Autobuild-User: Stefan Metzmacher <metze at samba.org>
    Autobuild-Date: Wed Jul 20 12:12:38 CEST 2011 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source4/kdc/kdc.c |   24 ++++++++++++++++--------
 1 files changed, 16 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index 7c00ea9..4e1e27c 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -965,16 +965,24 @@ static void kdc_task_init(struct task_server *task)
 	kdc->config->num_db = 1;
 
 	/*
-	 * TODO: find out why this is needed in order
-	 *       to let make test work.
+	 * This restores the behavior before
+	 * commit 255e3e18e00f717d99f3bc57c8a8895ff624f3c3
+	 * s4:heimdal: import lorikeet-heimdal-201107150856
+	 * (commit 48936803fae4a2fb362c79365d31f420c917b85b)
 	 *
-	 *       Without this, we are getting PAC varification
-	 *       failures. I guess because the PAC is not signed
-	 *       with a arcfour-hmac-md5 key.
+	 * as_use_strongest_session_key,preauth_use_strongest_session_key
+	 * and tgs_use_strongest_session_key are input to the
+	 * _kdc_find_etype() function. The old bahavior is in
+	 * the use_strongest_session_key=FALSE code path.
+	 * (The only remaining difference in _kdc_find_etype()
+	 *  is the is_preauth parameter.)
+	 *
+	 * The old behavior in the _kdc_get_preferred_key()
+	 * function is use_strongest_server_key=TRUE.
 	 */
-	kdc->config->as_use_strongest_session_key = true;
-	kdc->config->preauth_use_strongest_session_key = true;
-	kdc->config->tgs_use_strongest_session_key = true;
+	kdc->config->as_use_strongest_session_key = false;
+	kdc->config->preauth_use_strongest_session_key = false;
+	kdc->config->tgs_use_strongest_session_key = false;
 	kdc->config->use_strongest_server_key = true;
 
 	/* Register hdb-samba4 hooks for use as a keytab */


-- 
Samba Shared Repository

More information about the samba-cvs mailing list