Catching more principals in ads_keytab_verify_ticket()

Jeremy Allison jra at samba.org
Sun Mar 13 02:32:18 GMT 2005


On Sat, Mar 12, 2005 at 06:28:59PM -0800, Doug VanLeuven wrote:
> Jeremy Allison wrote:
> 
> >On Fri, Mar 11, 2005 at 01:44:41AM -0800, Doug VanLeuven wrote:
> > 
> >
> >>>>Even without the global option, updating the static list to include 
> >>>>cifs/<host>.<realm>@<REALM> might help fix bug 2414.  I've got a 
> >>>>patch for just that part right now.
> >>>>       
> >>>>
> >>>This patch adds these variations to samba managed keytabs:
> >>><global_myname())>.<REALM>@REALM that Michael Brown noticed
> >>>and
> >>><global_myname())>.<realm>@REALM that I'm seeing from Enterprise 2003 
> >>>Native mode for out-of-realm dns domains.
> >>>     
> >>>
> My Enterprise 2003 AD KDC started upcasing the first letter of the host 
> name.
> Adding this variation to libads/kerberos_keytab.c would add 13 
> additional entries for a total of 39.
> I wouldn't be surprised if I started seeing Host and Cifs.  That would 
> double the table size to 78 entries.
> That seems unreasonable.
> 
> This patch adds a global LIST variable to smb.conf allowing an 
> administrator to specify additional keytab principals in lieu of 
> patching the source and recompiling.  Suppresses duplicate static entries.
> 
> keytab principals = HOST/Lex@NT.LDXNET.COM \
>                     cifs/Lex.nt.ldxnet.com@NT.LDXNET.COM \
>                     Lex$@NT.LDXNET.COM HOST/LEX@NT.LDXNET.COM
> 

No patch attached I'm afraid...

