[SCM] Samba Shared Repository - branch v3-2-test updated -
Love Hörnquist Åstrand
lha at kth.se
Tue Sep 9 23:55:15 GMT 2008
>> MIT refuses this packet, heimdal have fix for samba brokenness. msft
>> just accepts both types.
> Ah. So we really should be calling ads_krb5_get_fwd_ticket in
> every case (just calling krb5_fwd_tgt_creds() with the
> "forwardable" flag as zero in the non-forwardable
No, you don't want a ticket in the 8003 checksum if you don't forward,
and you don't want the penalty of a rtt to the kdc if you don't need it.
You should always use the 8003 checksum.
> However, I'm assuming that if we continue when
> krb5_fwd_tgt_creds() fails the returned fwdData will
> not have been created, and so I really should add
> a "if (fwdData.length)" around the "memcpy(p, fwdData.data,
> call and any other use of fwdData.data.
> Correct ?
You need to strip of the DlgOpt and Dlgth too.
More information about the samba-technical