[PATCH] Change the behavior of ads_verify_ticket when
using keytabs
Dan Sledz
dan.sledz at isilon.com
Fri Jan 30 20:49:20 GMT 2009
Have you had a chance to look at this yet?
-----Original Message-----
From: Gerald (Jerry) Carter [mailto:jerry at samba.org]
Sent: Wednesday, January 28, 2009 1:29 PM
To: Dan Sledz
Cc: samba-technical at lists.samba.org
Subject: Re: [PATCH] Change the behavior of ads_verify_ticket when using
keytabs
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hey Dan.
Sounds interesting. I must have missing the original patch. I'll
have to dig it up in the archives.
cheers, jerry
Dan Sledz wrote:
> Any comments/suggestions/nitpicks?
>
> -----Original Message-----
> From: samba-technical-bounces+dan.sledz=isilon.com at lists.samba.org
> [mailto:samba-technical-bounces+dan.sledz=isilon.com at lists.samba.org]
On
> Behalf Of Dan Sledz
> Sent: Friday, January 23, 2009 11:00 AM
> To: samba-technical at lists.samba.org
> Subject: [PATCH] Change the behavior of ads_verify_ticket when using
> keytabs
>
> Attached is a patch that gives a little more flexibility to verifying
> incoming tickets by adding a notion of a dedicated keytab. The idea
is
> that this keytab only contains valid principals so we can skip the pre
> filtering that is done in ads_keytab_verify_ticket. Isilon node's are
> multi-homed so tickets can come in based on several different
principals
> of which samba has no knowledge.
>
>
>
> This also removes the "use kerberos keytab" parameter since it seemed
> confusing to have that and the new enum.
>
- --
=====================================================================
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewise.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJgM4nIR7qMdg1EfYRAu1+AKDaKpwRAQqlHD6DdU9d0m7Qi6sNBgCffCHY
QSANOk0FQKiNzIJOTnTipn4=
=d0Op
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list