[PATCH] winbind interface to extract SIDs from PAC

Christof Schmitt christof.schmitt at us.ibm.com
Mon Jul 30 12:22:53 MDT 2012


christof.schmitt at us.ibm.com wrote on 07/26/2012 02:33:45 PM:
> Here is an updated version of the winbind interface. It now tries to
> verify the PAC signatures. If the verification succeeds, the
> information from the PAC is stored in the netlogon_cache. The info3 is
> always returned to the client, independent of the verification result.

I cleaned up the error handling a bit. The second patch changes the
level of a debug message to avoid this output with log level 1:

[2012/07/30 19:56:27.389822,  1] 
../auth/kerberos/kerberos_pac.c:326(kerberos_decode_pac)
  PAC Decode: Failed to verify the service signature: Decrypt integrity 
check failed

Regards,

Christof Schmitt || IBM || SONAS System Development || Tucson, AZ
christof.schmitt at us.ibm.com  ||  +1-520-799-2469  (T/L: 321-2469)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-winbind-Extend-wbcAuthenticateUserEx-to-provide-PAC.patch
Type: application/octet-stream
Size: 10942 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120730/331b1916/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-auth-kerberos-Adjust-log-level-for-failed-PAC-signat.patch
Type: application/octet-stream
Size: 1032 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120730/331b1916/attachment-0001.obj>


More information about the samba-technical mailing list