[PATCH] Change the behavior of ads_verify_ticket when
using keytabs
Gerald (Jerry) Carter
jerry at samba.org
Wed Jan 28 21:29:11 GMT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hey Dan.
Sounds interesting. I must have missing the original patch. I'll
have to dig it up in the archives.
cheers, jerry
Dan Sledz wrote:
> Any comments/suggestions/nitpicks?
>
> -----Original Message-----
> From: samba-technical-bounces+dan.sledz=isilon.com at lists.samba.org
> [mailto:samba-technical-bounces+dan.sledz=isilon.com at lists.samba.org] On
> Behalf Of Dan Sledz
> Sent: Friday, January 23, 2009 11:00 AM
> To: samba-technical at lists.samba.org
> Subject: [PATCH] Change the behavior of ads_verify_ticket when using
> keytabs
>
> Attached is a patch that gives a little more flexibility to verifying
> incoming tickets by adding a notion of a dedicated keytab. The idea is
> that this keytab only contains valid principals so we can skip the pre
> filtering that is done in ads_keytab_verify_ticket. Isilon node's are
> multi-homed so tickets can come in based on several different principals
> of which samba has no knowledge.
>
>
>
> This also removes the "use kerberos keytab" parameter since it seemed
> confusing to have that and the new enum.
>
- --
=====================================================================
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewise.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJgM4nIR7qMdg1EfYRAu1+AKDaKpwRAQqlHD6DdU9d0m7Qi6sNBgCffCHY
QSANOk0FQKiNzIJOTnTipn4=
=d0Op
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list