[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Mon Sep 7 09:26:02 UTC 2020
The branch, master has been updated
via 6444a743525 s3:libads: Also add a realm entry for the domain name
via a5303967287 s3:libads: Only add RC4 if weak crypto is allowed
via 9cf1aecd73e s3:libads: Remove DES legacy types for Kerberos
from bd9f64d19dc Fixed arrow keys typo to the computer move command utility
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 6444a743525532c70634e2dd4cacadce54ba2eab
Author: Andreas Schneider <asn at samba.org>
Date: Thu Sep 3 13:49:33 2020 +0200
s3:libads: Also add a realm entry for the domain name
This is required if we try to authenticate as Administrator at DOMAIN so it
can find the KDC. This fixes 'net ads join' for ad_member_fips if we
require Kerberos auth.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14479
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Sep 7 09:25:33 UTC 2020 on sn-devel-184
commit a5303967287cef0c3d0b653e2aca73d25d438cf7
Author: Andreas Schneider <asn at samba.org>
Date: Thu Sep 3 11:45:33 2020 +0200
s3:libads: Only add RC4 if weak crypto is allowed
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
commit 9cf1aecd73e011ad03ddb072760454379b3f0a32
Author: Andreas Schneider <asn at samba.org>
Date: Thu Sep 3 11:11:14 2020 +0200
s3:libads: Remove DES legacy types for Kerberos
We already removed DES support for Kerberos in Samba 4.12.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/libads/kerberos.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 3fab68266f2..1db285cd29a 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -611,9 +611,10 @@ static char *get_enctypes(TALLOC_CTX *mem_ctx)
#endif
}
- if (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL ||
- lp_kerberos_encryption_types() == KERBEROS_ETYPES_LEGACY) {
- legacy_enctypes = "RC4-HMAC DES-CBC-CRC DES-CBC-MD5";
+ if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_ALLOWED &&
+ (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL ||
+ lp_kerberos_encryption_types() == KERBEROS_ETYPES_LEGACY)) {
+ legacy_enctypes = "RC4-HMAC";
}
enctypes =
@@ -744,11 +745,15 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
"\tdns_lookup_kdc = true\n\n"
"[realms]\n\t%s = {\n"
"%s\t}\n"
+ "\t%s = {\n"
+ "%s\t}\n"
"%s\n",
realm_upper,
enctypes,
realm_upper,
kdc_ip_string,
+ domain,
+ kdc_ip_string,
include_system_krb5);
if (!file_contents) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list