Samba3's fake GSSAPI and FreeBSD
Jeremy Allison
jra at samba.org
Sat Sep 11 19:59:34 MDT 2010
On Sat, Sep 11, 2010 at 07:01:16PM +1000, Andrew Bartlett wrote:
> Samba4 will cope with the previous behaviour (a normal krb5 checksum
> without a gssapi channel binding), and with a full gssapi channel
> binding, but not this particular combination.
Unfortunately Windows doesn't, and requres the checksum.
> As this is all well
> outside real GSSAPI behaviour, I've put this change in to keep
> everything consistent.
>
> http://gitweb.samba.org/?p=samba.git;a=commitdiff;h=3b4db34011f06fb785153fa9070fb1da9d8f5c78
Ok, that makes sense. Please apply to v3-6-test as well please.
> Perhaps we should perhaps have two simple defines: HAVE_KRB5 and
> HAVE_MODERN_KRB5, with a switch between the two rather than testing for
> each function, and getting too many combinations. We just can't test
> the number of variations at the moment.
>
> In the long term, I very much look forward to replacing this with real
> GSSAPI at some point, and removing much of this complexity.
Sure, Simo is working on this at the moment.
Jeremy.
More information about the samba-technical
mailing list