[WIP PATCH] cli_session_setup_creds()
Andreas Schneider
asn at samba.org
Wed Sep 21 06:00:08 UTC 2016
On Tuesday, 20 September 2016 21:13:39 CEST Andrew Bartlett wrote:
> > Third some semantics we had before change. We are first checking for
> > existing
> > tickets and use them if they are still valid. If not we ask for a new
> > krbtgt
> > using the provided username/password. We didn't do that before.
>
> This bit doesn't seem right, unless the ccache was forced with
> CRED_SPECIFIED. The idea in cli_credentials was that if a username/pw
> is specified, then we always get a new ticket with that.
>
> Or put another way, the thing (ccache, username/pw) that is set with
> the highest level wins, from GUESS, to ENV, to CALLBACK, to SPECIFIED.
>
> I would love to talk this over next week if needed.
Yes, the patchset needs more discussion. I sent it so you have time to review
till I arrive.
Also the first 9 patches just fix tests and strange things in parsing/
splitting usernames. We often end up with usernames without a realm e.g.
'Administrator@'. I've added a smb_panic() if the username has a trailing @ to
find the positions in the code where we produce broken usernames.
Cheers,
-- andreas
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list