Catching more principals in ads_keytab_verify_ticket()
Jeremy Allison
jra at samba.org
Sun Mar 13 02:32:18 GMT 2005
On Sat, Mar 12, 2005 at 06:28:59PM -0800, Doug VanLeuven wrote:
> Jeremy Allison wrote:
>
> >On Fri, Mar 11, 2005 at 01:44:41AM -0800, Doug VanLeuven wrote:
> >
> >
> >>>>Even without the global option, updating the static list to include
> >>>>cifs/<host>.<realm>@<REALM> might help fix bug 2414. I've got a
> >>>>patch for just that part right now.
> >>>>
> >>>>
> >>>This patch adds these variations to samba managed keytabs:
> >>><global_myname())>.<REALM>@REALM that Michael Brown noticed
> >>>and
> >>><global_myname())>.<realm>@REALM that I'm seeing from Enterprise 2003
> >>>Native mode for out-of-realm dns domains.
> >>>
> >>>
> My Enterprise 2003 AD KDC started upcasing the first letter of the host
> name.
> Adding this variation to libads/kerberos_keytab.c would add 13
> additional entries for a total of 39.
> I wouldn't be suprised if I started seeing Host and Cifs. That would
> double the table size to 78 entries.
> That seems unreasonable.
>
> This patch adds a global LIST variable to smb.conf allowing an
> administrator to specify additional keytab principals in lieu of
> patching the source and recompiling. Suppresses duplicate static entries.
>
> keytab principals = HOST/Lex at NT.LDXNET.COM \
> cifs/Lex.nt.ldxnet.com at NT.LDXNET.COM \
> Lex$@NT.LDXNET.COM HOST/LEX at NT.LDXNET.COM
>
No patch attached I'm afriad...
More information about the samba-technical
mailing list