Patch for fixing pb when users have a valid ticket and the server change its password

Matthieu Patou mat at
Mon May 24 16:02:59 MDT 2010

On 22/05/2010 09:03, Matthieu Patou wrote:
> On 21/05/2010 18:24, John H Terpstra wrote:
>> On 05/21/2010 09:11 AM, Matthieu Patou wrote:
>>> Hello,
>>> Find attach a patch proposal for bug 7099.
>>> My patch store a copy of the previous password on password change and
>>> try this password for validating tickets presented by the user to the
>>> server.
>>> This should hopefully solve the bug that when the password of a samba 3
>>> server is changed: for all tickets that are still valid for the 
>>> server's
>>> principals but emitted before the server has changed its password, the
>>> server is not anymore able to validate them (as it didn't has the
>>> previous passwords).
>>> I also attached a backport for samba3.5.x (I applied it to 3.5.3 and
>>> 3.5.2 and compiled it on 3.5.2).
>>> Cheers.
>>> Matthieu.
>> Matthieu,
>> Thank you for fixing that bug. Much appreciated.
> John, just pay attention that I didn't tested it thoroughly with real 
> windows workstation. It just don't show the pb when using smbclient 
> and forcing the password change with net changetrustpw. So for your 
> clusters it's worth to wait a little bit still.
Now I tested it and I had to change the patch a little bit.
Here is the update version.

> Cheers, Matthieu.

Matthieu Patou
Samba Team

More information about the samba-technical mailing list