[PATCH] Change the behavior of ads_verify_ticket when
Gerald (Jerry) Carter
jerry at samba.org
Wed Jan 28 21:29:11 GMT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Sounds interesting. I must have missing the original patch. I'll
have to dig it up in the archives.
Dan Sledz wrote:
> Any comments/suggestions/nitpicks?
> -----Original Message-----
> From: samba-technical-bounces+dan.sledz=isilon.com at lists.samba.org
> [mailto:samba-technical-bounces+dan.sledz=isilon.com at lists.samba.org] On
> Behalf Of Dan Sledz
> Sent: Friday, January 23, 2009 11:00 AM
> To: samba-technical at lists.samba.org
> Subject: [PATCH] Change the behavior of ads_verify_ticket when using
> Attached is a patch that gives a little more flexibility to verifying
> incoming tickets by adding a notion of a dedicated keytab. The idea is
> that this keytab only contains valid principals so we can skip the pre
> filtering that is done in ads_keytab_verify_ticket. Isilon node's are
> multi-homed so tickets can come in based on several different principals
> of which samba has no knowledge.
> This also removes the "use kerberos keytab" parameter since it seemed
> confusing to have that and the new enum.
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewise.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba-technical