Supporting only Kerberos as an auth mech ...
Richard Sharpe
realrichardsharpe at gmail.com
Thu Sep 5 07:23:53 CEST 2013
Hi,
After some discussion with someone, I wondered if the following would
work to ensure that only KRB5 was offered and etc ...
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index e15c87e..98e6cc5 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -275,7 +275,8 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
backends[idx++] = &gensec_gse_krb5_security_ops;
#endif
- backends[idx++] = gensec_security_by_oid(NULL,
GENSEC_OID_NTLMSSP);
+ if (!lp_kerberos_only())
+ backends[idx++] = gensec_security_by_oid(NULL,
GENSEC_OID_NTLMSSP);
backends[idx++] = gensec_security_by_oid(NULL,
GENSEC_OID_SPNEGO);
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
More information about the samba-technical
mailing list