[PATCH] Change the behavior of ads_verify_ticket when using keytabs

Gerald (Jerry) Carter jerry at samba.org
Wed Jan 28 21:29:11 GMT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey Dan.

Sounds interesting.  I must have missing the original patch.  I'll
have to dig it up in the archives.



cheers, jerry

Dan Sledz wrote:
> Any comments/suggestions/nitpicks?
> 
> -----Original Message-----
> From: samba-technical-bounces+dan.sledz=isilon.com at lists.samba.org
> [mailto:samba-technical-bounces+dan.sledz=isilon.com at lists.samba.org] On
> Behalf Of Dan Sledz
> Sent: Friday, January 23, 2009 11:00 AM
> To: samba-technical at lists.samba.org
> Subject: [PATCH] Change the behavior of ads_verify_ticket when using
> keytabs
> 
> Attached is a patch that gives a little more flexibility to verifying
> incoming tickets by adding a notion of a dedicated keytab.  The idea is
> that this keytab only contains valid principals so we can skip the pre
> filtering that is done in ads_keytab_verify_ticket.  Isilon node's are
> multi-homed so tickets can come in based on several different principals
> of which samba has no knowledge.
> 
>  
> 
> This also removes the "use kerberos keytab" parameter since it seemed
> confusing to have that and the new enum.
> 


- --
=====================================================================
Samba                                    ------- http://www.samba.org
Likewise Software                  ---------  http://www.likewise.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJgM4nIR7qMdg1EfYRAu1+AKDaKpwRAQqlHD6DdU9d0m7Qi6sNBgCffCHY
QSANOk0FQKiNzIJOTnTipn4=
=d0Op
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list