[PATCH] Bug#1780 smbspool can't use kerberos authentication
Gerald (Jerry) Carter
jerry at samba.org
Mon May 9 14:48:58 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Rodrigo Fernandez-Vizarra wrote:
| Attached you will find two patches.
| The first one samba3-smbspool-krb.patch allows
| the smbspool cups backend to use the kerberos credentials
| of the user who issued the print job.
| The second one does the same but also works in those
| systems, as SuSE SLES 9.0 where root processes are
| not allowed to read user kerberos ticket
| cache (don't know if this is a bug or a feature).
| Of course, for this patch to work you have to have
| a kerberos ticket available ( kinit, or pam_krb5 configured).
| It first try to use the username:password (if any )
| encoded in the DEVICE_URL, if it fails it tries to use
| kerberos, if that fails tries an anonymous authentication.
| Any feedback will be welcomed.
I'm trying to remember the original discussions
we had so I can check this patch in. What was the
drawback (if any) of using the second patch?
- --- smbspool.c.krb5 2005-05-09 08:36:58.857396000 -0500
+++ smbspool.c.setuid 2005-05-09 08:37:33.095806000 -0500
@@ -408,6 +408,13 @@
~ return NULL;
+ * Change the UID of the process to be able to read the kerberos
+ * ticket cache
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba-technical