svn commit: samba r4338 - in branches/SAMBA_4_0/source: libcli/auth librpc/idl

Stefan (metze) Metzmacher metze at samba.org
Thu Dec 23 18:56:59 GMT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andrew Bartlett schrieb:
| On Thu, 2004-12-23 at 13:23, metze at samba.org wrote:
|
|>Author: metze
|>Date: 2004-12-23 02:23:42 +0000 (Thu, 23 Dec 2004)
|>New Revision: 4338
|>
|>WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4338
|>
|>Log:
|>reuse netlogon structs in the krb5 PAC
|>that simplifies the code a lot...
|>
|>also add a note: we should fail the krb5 auth if there's no
|>PAC present (when heimdal is ready for that:-)
|
|
| On this point I disagree.  We should support logins against an 'MIT'
| server (that is, as server not doing PAC stuff), and figure out the
| gorups another way.  One way might be this kind of local SAM lookup, or
| a different plugin for group lookups.

maybe we can make this configurable, with the default to disallow PAC'less krb5,
but we'll see...



- --
metze

Stefan Metzmacher <metze at samba.org> www.samba.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFByxT7m70gjA5TCD8RAuvpAJ4yypLmM+gH8HRU0MluFtaT/n+CtACfXDKO
uLjjfU0KtpVhlfoeYx7zbE4=
=HhHt
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list