[PATCH] Set WBFLAG_PAM_CONTACT_TRUSTDOM in do_ccache_ntlm_auth() when krb5_auth is enabled

boyang boyang at suse.de
Thu Apr 2 13:25:46 GMT 2009


Hi,
     When krb5_auth is enabled, PAM_AUTH is forwarded to trusted domain,
which cause the cached credentials being stored in the process of
trusted domain. When we do NTLM_CCACHE_AUTH, if
WBFLAG_PAM_CONTACT_TRUSTDOM is not set in request flags, the request
will be forwarded to primary domain, which causes NTLM_CCACHE_AUTH fail.
     I think we should check pam_winbind.conf to figure out whether we
should set WBFLAG_PAM_CONTACT_TRUSTDOM. patch is for master.
     Please review it.
     Thanks!
Best
       Regards
BoYang
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ntlm_auth_request_flags-master.diff
Type: text/x-patch
Size: 5047 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20090402/a9e290da/ntlm_auth_request_flags-master.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: boyang.vcf
Type: text/x-vcard
Size: 187 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20090402/a9e290da/boyang.vcf


More information about the samba-technical mailing list