[PATCH] Change the behavior of ads_verify_ticket whenusing keytabs

Steven Danneman steven.danneman at isilon.com
Mon Feb 2 05:42:36 GMT 2009


> > Attached is a patch that gives a little more flexibility to
verifying
> > incoming tickets by adding a notion of a dedicated keytab.  The idea
> is
> > that this keytab only contains valid principals so we can skip the
> pre
> > filtering that is done in ads_keytab_verify_ticket.  Isilon node's
> are
> > multi-homed so tickets can come in based on several different
> principals
> > of which samba has no knowledge.
> >
> >
> >
> > This also removes the "use kerberos keytab" parameter since it
seemed
> > confusing to have that and the new enum.

Dan,

I pushed this to master to be a part of the v3-4 branch.

Karolin,

This commit replaces an smb.conf parameter, so you'll want to make a
note in the eventual 3.4 release notes.  

-Steven


More information about the samba-technical mailing list