[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-167-g0aa6d63

Stefan (metze) Metzmacher metze at samba.org
Mon Jul 28 06:54:43 GMT 2008


Andrew Bartlett schrieb:
> On Sat, 2008-07-26 at 14:48 -0500, Stefan Metzmacher wrote:
>> The branch, v4-0-test has been updated
>>        via  0aa6d63ec571b0ca05fbfe14d2b4e9ba3e1082e9 (commit)
>>        via  9fc5750156467f579ea8d7755987d091f5b579c2 (commit)
>>       from  2f06fbe06be2e1b77ea013ddba853ce819e58e88 (commit)
>>
>> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
>>
>>
>> - Log -----------------------------------------------------------------
>> commit 0aa6d63ec571b0ca05fbfe14d2b4e9ba3e1082e9
>> Author: Stefan Metzmacher <metze at samba.org>
>> Date:   Fri Jul 25 16:02:29 2008 +0200
>>
>>     lib/ldb/tools: allow -W and --realm when build from samba4
>>     
>>     metze
>>
>> commit 9fc5750156467f579ea8d7755987d091f5b579c2
>> Author: Stefan Metzmacher <metze at samba.org>
>> Date:   Fri Jul 25 16:00:50 2008 +0200
>>
>>     auth/credentials: use the same enctypes when getting a TGT and a TGS
>>     
>>     metze
> 
> What was wrong with the previous defaults?  (I'm just trying to
> understand the background behind your change).

We use 'our' smb_krb5_context to do the AS-REQ and it is possible
to configure the enctypes via the krb5.conf.

And the gss_init_sec_context() creates it's own krb5_context and
the TGS-REQ had all enctypes in it and only the ones configured
and used for the AS-REQ, so it wasn't possible to disable the usage
of AES keys.

metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20080728/ed113dd8/signature.bin


More information about the samba-technical mailing list