[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2797-g5f41913

Love Hörnquist Åstrand lha at kth.se
Tue Sep 9 23:55:15 GMT 2008

>> MIT refuses this packet, heimdal have fix for samba brokenness. msft
>> just  accepts both types.
> Ah. So we really should be calling ads_krb5_get_fwd_ticket in
> every case (just calling krb5_fwd_tgt_creds() with the
> "forwardable" flag as zero in the non-forwardable
> case.

No, you don't want a ticket in the 8003 checksum if you don't forward,  
and you don't want the penalty of a rtt to the kdc if you don't need it.

You should always use the 8003 checksum.

> However, I'm assuming that if we continue when
> krb5_fwd_tgt_creds() fails the returned fwdData will
> not have been created, and so I really should add
> a "if (fwdData.length)" around the "memcpy(p, fwdData.data,  
> fwdData.length"
> call and any other use of fwdData.data.
> Correct ?

You need to strip of the DlgOpt and Dlgth too.


More information about the samba-technical mailing list