kerberos stuff sesssetup.c

Gerald (Jerry) Carter jerry at samba.org
Tue Dec 16 02:56:48 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Love wrote:

| I'm not sure I like the lp_trusted_domains()/allow
| trusted domains to apply to kerberos realms, at
| least the trusted realms should be listed by name.

This is actually referring to the trusted realms
as returned by the Windows DC.  It is best IMO to
keep the behavior the same whether we are a member
of an NT4 domain or an AD domain.

| Anyway the reason I notice this is since as far
| I've mange to understand this, samba doesn't support
| the altSecurityIdentities, so I patch
| reply_spnego_kerberos to do the equvalent,
| works just fine. However, when

Not yet.  There are some issues with the patch that was
submitted recently.  We just have to work out some of
the dependencies rather than adding more baggage to smbd.
It shou;d happen for 3.0.2.

| I'm there and thinkering, I notice that in
|
| reply_spnego_kerberos()
|   variable foreign is only set, never used.
|   variable user is SAFE_FREE()ed, then used and free()
|   again (as a NULL ptr)

This sounds like some historical cruft left over from recent changes.
I'll look at it tomorrow.  Thanks for the heads up.

|
| Love
|


- --
~ ----------------------------------------------------------------------
~ Hewlett-Packard            ------------------------- http://www.hp.com
~ SAMBA Team                 ---------------------- http://www.samba.org
~ GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
~ "If we're adding to the noise, turn off this song" --Switchfoot (2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/3nRwIR7qMdg1EfYRArM/AJ9trC34g1+r64D28WryJ25CNSBTNQCdFeOB
Mbku7ACP9Nr0s0QGxanWFec=
=8v0e
-----END PGP SIGNATURE-----



More information about the samba-technical mailing list