[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Wed Jun 24 05:38:03 MDT 2015
The branch, master has been updated
via 0438027 auth: Explain why GSS_KRB5_CRED_NO_CI_FLAGS_X is needed
from 225d701 correct sense of macro variable name in SMB2 durable open test
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 0438027a476e56bb5664886918a982929c6add87
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 23 17:39:27 2015 +0200
auth: Explain why GSS_KRB5_CRED_NO_CI_FLAGS_X is needed
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jun 24 13:37:02 CEST 2015 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials_krb5.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index d6aaae6..286bede 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -635,7 +635,15 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
}
#ifdef HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
- /* don't force GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG */
+ /*
+ * Don't force GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG.
+ *
+ * This allows us to disable SIGN and SEAL on a TLS connection with
+ * GSS-SPNENO. For example ldaps:// connections.
+ *
+ * https://groups.yahoo.com/neo/groups/cat-ietf/conversations/topics/575
+ * http://krbdev.mit.edu/rt/Ticket/Display.html?id=6938
+ */
maj_stat = gss_set_cred_option(&min_stat, &gcc->creds,
GSS_KRB5_CRED_NO_CI_FLAGS_X,
&empty_buffer);
--
Samba Shared Repository
More information about the samba-cvs
mailing list