Catching more principals in ads_keytab_verify_ticket()
Doug VanLeuven
roamdad at sonic.net
Sun Mar 13 02:28:59 GMT 2005
Jeremy Allison wrote:
>On Fri, Mar 11, 2005 at 01:44:41AM -0800, Doug VanLeuven wrote:
>
>
>>>>Even without the global option, updating the static list to include
>>>>cifs/<host>.<realm>@<REALM> might help fix bug 2414. I've got a
>>>>patch for just that part right now.
>>>>
>>>>
>>>This patch adds these variations to samba managed keytabs:
>>><global_myname())>.<REALM>@REALM that Michael Brown noticed
>>>and
>>><global_myname())>.<realm>@REALM that I'm seeing from Enterprise 2003
>>>Native mode for out-of-realm dns domains.
>>>
>>>
My Enterprise 2003 AD KDC started upcasing the first letter of the host
name.
Adding this variation to libads/kerberos_keytab.c would add 13
additional entries for a total of 39.
I wouldn't be suprised if I started seeing Host and Cifs. That would
double the table size to 78 entries.
That seems unreasonable.
This patch adds a global LIST variable to smb.conf allowing an
administrator to specify additional keytab principals in lieu of
patching the source and recompiling. Suppresses duplicate static entries.
keytab principals = HOST/Lex at NT.LDXNET.COM \
cifs/Lex.nt.ldxnet.com at NT.LDXNET.COM \
Lex$@NT.LDXNET.COM HOST/LEX at NT.LDXNET.COM
Regards, Doug
More information about the samba-technical
mailing list