Winbind kerberos login
Evgeny Sinelnikov
sin at altlinux.ru
Sun Jan 1 21:57:43 UTC 2017
Hello,
and Happy New year!
2016-12-29 13:02 GMT+04:00 Alexander Bokovoy <ab at samba.org>:
> On to, 29 joulu 2016, Evgeny Sinelnikov wrote:
>> Hello,
>>
>> today I got a strange behavior during login via PAM winbind.
>>
>> Firstly, it looks like that krb5_ccache_type = KEYRING don't save
>> credential cache after "successful" login. But later, when I enable
>> debug level = 10, I found next logs with identical errors.
>>
>>
>> For krb5_ccache_type = FILE:
>>
>> [2016/12/28 15:17:12.101783, 10, pid=21122, effective(0, 0), real(0,
>> 0), class=winbind]
>> ../source3/winbindd/winbindd_dual.c:512(child_process_request)
>> child_process_request: request fn PAM_AUTH
>> [2016/12/28 15:17:12.101800, 3, pid=21122, effective(0, 0), real(0,
>> 0), class=winbind]
>> ../source3/winbindd/winbindd_pam.c:1678(winbindd_dual_pam_auth)
>> [21119]: dual pam auth TEST\petrov
>> [2016/12/28 15:17:12.101815, 10, pid=21122, effective(0, 0), real(0,
>> 0), class=winbind]
>> ../source3/winbindd/winbindd_pam.c:1720(winbindd_dual_pam_auth)
>> winbindd_dual_pam_auth: domain: TEST last was online
>> [2016/12/28 15:17:12.101828, 10, pid=21122, effective(0, 0), real(0,
>> 0), class=winbind]
>> ../source3/winbindd/winbindd_pam.c:1172(winbindd_dual_pam_auth_kerberos)
>> winbindd_dual_pam_auth_kerberos
>> [2016/12/28 15:17:12.101843, 8, pid=21122, effective(0, 0), real(0,
>> 0)] ../source3/lib/util.c:1239(is_myname)
>> is_myname("TEST") returns 0
>> [2016/12/28 15:17:12.101860, 10, pid=21122, effective(0, 0), real(0,
>> 0), class=winbind]
>> ../source3/winbindd/winbindd_pam.c:545(generate_krb5_ccache)
>> using ccache: FILE:/tmp/krb5cc_10002
>> [2016/12/28 15:17:12.101880, 10, pid=21122, effective(10002, 0),
>> real(10002, 0), class=winbind]
>> ../source3/winbindd/winbindd_pam.c:668(winbindd_raw_kerberos_login)
>> winbindd_raw_kerberos_login: uid is 10002
>> [2016/12/28 15:17:12.101940, 10, pid=21122, effective(10002, 0),
>> real(10002, 0)]
>> ../source3/libads/kerberos.c:228(kerberos_kinit_password_ext)
>> kerberos_kinit_password: as petrov at TEST.ALTLINUX using
>> [FILE:/tmp/krb5cc_10002] as ccache and config
>> [/var/lib/samba/smb_krb5/krb5.conf.TEST]
>> [2016/12/28 15:17:12.151696, 10, pid=21122, effective(10002, 0),
>> real(10002, 0)] ../source3/libads/authdata.c:180(kerberos_return_pac)
>> got TGT for petrov at TEST.ALTLINUX in FILE:/tmp/krb5cc_10002
>> valid until: Чт, 29 дек 2016 01:17:12 MSK (1482963432)
>> renewable till: Ср, 04 янв 2017 15:17:12 MSK (1483532232)
>> [2016/12/28 15:17:12.158284, 3, pid=21122, effective(10002, 0),
>> real(10002, 0)]
>> ../lib/krb5_wrap/krb5_samba.c:376(ads_cleanup_expired_creds)
>> ads_cleanup_expired_creds: Ticket in ccache[FILE:/tmp/krb5cc_10002]
>> expiration Чт, 29 дек 2016 01:17:12 MSK
>> [2016/12/28 15:17:12.158908, 10, pid=21122, effective(10002, 0),
>> real(10002, 0)] ../lib/krb5_wrap/krb5_samba.c:643(ads_krb5_mk_req)
>> ads_krb5_mk_req: Ticket (KDESKTOP$@TEST.ALTLINUX) in ccache
>> (FILE:/tmp/krb5cc_10002) is valid until: (Чт, 29 дек 2016 01:17:12 MSK
>> - 1482963432)
>> [2016/12/28 15:17:12.159651, 10, pid=21122, effective(10002, 0),
>> real(10002, 0)]
>> ../lib/krb5_wrap/krb5_samba.c:931(get_krb5_smb_session_key)
>> Got KRB5 session key of length 32
>> [2016/12/28 15:17:12.160255, 5, pid=21122, effective(10002, 0),
>> real(10002, 0)] ../auth/gensec/gensec_start.c:681(gensec_start_mech)
>> Starting GENSEC mechanism gse_krb5
>> [2016/12/28 15:17:12.162507, 10, pid=21122, effective(10002, 0),
>> real(10002, 0)] ../source3/lib/util.c:1986(name_to_fqdn)
>> name_to_fqdn: lookup for KDESKTOP -> KDESKTOP.test.altlinux.
>> [2016/12/28 15:17:12.162907, 1, pid=21122, effective(10002, 0),
>> real(10002, 0)]
>> ../source3/librpc/crypto/gse_krb5.c:449(fill_mem_keytab_from_system_keytab)
>> ../source3/librpc/crypto/gse_krb5.c:449: krb5_kt_start_seq_get
>> failed (Отказано в доступе)
>> [2016/12/28 15:17:12.162930, 1, pid=21122, effective(10002, 0),
>> real(10002, 0)]
>> ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab)
>> ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem keytab - 13
>> [2016/12/28 15:17:12.162949, 1, pid=21122, effective(10002, 0),
>> real(10002, 0)] ../auth/gensec/gensec_start.c:698(gensec_start_mech)
>> Failed to start GENSEC server mech gse_krb5: NT_STATUS_INTERNAL_ERROR
>> [2016/12/28 15:17:12.162965, 1, pid=21122, effective(10002, 0),
>> real(10002, 0)] ../source3/libads/authdata.c:274(kerberos_return_pac)
>> ../source3/libads/authdata.c:274Failed to start server-side GENSEC
>> krb5 to validate a Kerberos ticket: NT_STATUS_INTERNAL_ERROR
>> [2016/12/28 15:17:12.162988, 10, pid=21122, effective(0, 0), real(0,
>> 0), class=winbind]
>> ../source3/winbindd/winbindd_pam.c:1734(winbindd_dual_pam_auth)
>> winbindd_dual_pam_auth_kerberos failed: NT_STATUS_INTERNAL_ERROR
>> [2016/12/28 15:17:12.163012, 3, pid=21122, effective(0, 0), real(0,
>> 0), class=winbind]
>> ../source3/winbindd/winbindd_pam.c:1763(winbindd_dual_pam_auth)
>> falling back to samlogon
>> [2016/12/28 15:17:12.163025, 10, pid=21122, effective(0, 0), real(0,
>> 0), class=winbind]
>> ../source3/winbindd/winbindd_pam.c:1503(winbindd_dual_pam_auth_samlogon)
>> winbindd_dual_pam_auth_samlogon
>>
>>
>> For krb5_ccache_type = KEYRING:
>>
>> [2016/12/28 13:39:21.599512, 10, pid=16979, effective(0, 0), real(0,
>> 0), class=winbind]
>> ../source3/winbindd/winbindd_dual.c:512(child_process_request)
>> child_process_request: request fn PAM_AUTH
>> [2016/12/28 13:39:21.600103, 3, pid=16979, effective(0, 0), real(0,
>> 0), class=winbind]
>> ../source3/winbindd/winbindd_pam.c:1678(winbindd_dual_pam_auth)
>> [16977]: dual pam auth TEST\petrov
>> [2016/12/28 13:39:21.600796, 10, pid=16979, effective(0, 0), real(0,
>> 0), class=winbind]
>> ../source3/winbindd/winbindd_pam.c:1720(winbindd_dual_pam_auth)
>> winbindd_dual_pam_auth: domain: TEST last was online
>> [2016/12/28 13:39:21.601219, 10, pid=16979, effective(0, 0), real(0,
>> 0), class=winbind]
>> ../source3/winbindd/winbindd_pam.c:1172(winbindd_dual_pam_auth_kerberos)
>> winbindd_dual_pam_auth_kerberos
>> [2016/12/28 13:39:21.601563, 8, pid=16979, effective(0, 0), real(0,
>> 0)] ../source3/lib/util.c:1239(is_myname)
>> is_myname("TEST") returns 0
>> [2016/12/28 13:39:21.601646, 10, pid=16979, effective(0, 0), real(0,
>> 0), class=winbind]
>> ../source3/winbindd/winbindd_pam.c:545(generate_krb5_ccache)
>> using ccache: KEYRING:persistent:10002
>> [2016/12/28 13:39:21.601669, 10, pid=16979, effective(10002, 0),
>> real(10002, 0), class=winbind]
>> ../source3/winbindd/winbindd_pam.c:668(winbindd_raw_kerberos_login)
>> winbindd_raw_kerberos_login: uid is 10002
>> [2016/12/28 13:39:21.601730, 10, pid=16979, effective(10002, 0),
>> real(10002, 0)]
>> ../source3/libads/kerberos.c:228(kerberos_kinit_password_ext)
>> kerberos_kinit_password: as petrov at TEST.ALTLINUX using
>> [KEYRING:persistent:10002] as ccache and config
>> [/var/lib/samba/smb_krb5/krb5.conf.TEST]
>> [2016/12/28 13:39:21.635637, 10, pid=16979, effective(10002, 0),
>> real(10002, 0)] ../source3/libads/authdata.c:180(kerberos_return_pac)
>> got TGT for petrov at TEST.ALTLINUX in KEYRING:persistent:10002
>> valid until: Ср, 28 дек 2016 23:39:21 MSK (1482957561)
>> renewable till: Ср, 04 янв 2017 13:39:21 MSK (1483526361)
>> [2016/12/28 13:39:21.642937, 3, pid=16979, effective(10002, 0),
>> real(10002, 0)]
>> ../lib/krb5_wrap/krb5_samba.c:376(ads_cleanup_expired_creds)
>> ads_cleanup_expired_creds: Ticket in
>> ccache[KEYRING:persistent:10002:10002] expiration Ср, 28 дек 2016
>> 23:39:21 MSK
>> [2016/12/28 13:39:21.643575, 10, pid=16979, effective(10002, 0),
>> real(10002, 0)] ../lib/krb5_wrap/krb5_samba.c:643(ads_krb5_mk_req)
>> ads_krb5_mk_req: Ticket (KDESKTOP$@TEST.ALTLINUX) in ccache
>> (KEYRING:persistent:10002:10002) is valid until: (Ср, 28 дек 2016
>> 23:39:21 MSK - 1482957561)
>> [2016/12/28 13:39:21.644461, 10, pid=16979, effective(10002, 0),
>> real(10002, 0)]
>> ../lib/krb5_wrap/krb5_samba.c:931(get_krb5_smb_session_key)
>> Got KRB5 session key of length 32
>> [2016/12/28 13:39:21.645050, 5, pid=16979, effective(10002, 0),
>> real(10002, 0)] ../auth/gensec/gensec_start.c:681(gensec_start_mech)
>> Starting GENSEC mechanism gse_krb5
>> [2016/12/28 13:39:21.646592, 10, pid=16979, effective(10002, 0),
>> real(10002, 0)] ../source3/lib/util.c:1986(name_to_fqdn)
>> name_to_fqdn: lookup for KDESKTOP -> KDESKTOP.test.altlinux.
>> [2016/12/28 13:39:21.646903, 1, pid=16979, effective(10002, 0),
>> real(10002, 0)]
>> ../source3/librpc/crypto/gse_krb5.c:449(fill_mem_keytab_from_system_keytab)
>> ../source3/librpc/crypto/gse_krb5.c:449: krb5_kt_start_seq_get
>> failed (Отказано в доступе)
>> [2016/12/28 13:39:21.647673, 1, pid=16979, effective(10002, 0),
>> real(10002, 0)]
>> ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab)
>> ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem keytab - 13
>> [2016/12/28 13:39:21.647704, 1, pid=16979, effective(10002, 0),
>> real(10002, 0)] ../auth/gensec/gensec_start.c:698(gensec_start_mech)
>> Failed to start GENSEC server mech gse_krb5: NT_STATUS_INTERNAL_ERROR
>> [2016/12/28 13:39:21.647721, 1, pid=16979, effective(10002, 0),
>> real(10002, 0)] ../source3/libads/authdata.c:274(kerberos_return_pac)
>> ../source3/libads/authdata.c:274Failed to start server-side GENSEC
>> krb5 to validate a Kerberos ticket: NT_STATUS_INTERNAL_ERROR
>> [2016/12/28 13:39:21.648480, 3, pid=16979, effective(0, 0), real(0,
>> 0), class=winbind]
>> ../source3/winbindd/winbindd_pam.c:794(winbindd_raw_kerberos_login)
>> winbindd_raw_kerberos_login: could not remove ccache for user TEST\petrov
>> [2016/12/28 13:39:21.648504, 10, pid=16979, effective(0, 0), real(0,
>> 0), class=winbind]
>> ../source3/winbindd/winbindd_pam.c:1734(winbindd_dual_pam_auth)
>> winbindd_dual_pam_auth_kerberos failed: NT_STATUS_INTERNAL_ERROR
>> [2016/12/28 13:39:21.648519, 3, pid=16979, effective(0, 0), real(0,
>> 0), class=winbind]
>> ../source3/winbindd/winbindd_pam.c:1763(winbindd_dual_pam_auth)
>> falling back to samlogon
>> [2016/12/28 13:39:21.648532, 10, pid=16979, effective(0, 0), real(0,
>> 0), class=winbind]
>> ../source3/winbindd/winbindd_pam.c:1503(winbindd_dual_pam_auth_samlogon)
>> winbindd_dual_pam_auth_samlogon
>>
>>
>> So, at first time credential cache saved after login via samlogon, but
>> not at second time.
> The second time it also fell back to samlogon. After all, in both cases
> winbinddd_dual_pam_auth_kerberos() returned NT_STATUS_INTERNAL_ERROR,
> though for different reasons: failure to remove the ccache in the second
> case still returned NT_STATUS_INTERNAL_ERROR but your real issue is that
> uid 10002 cannot have access to the host principal's keys in
> /etc/krb5.keytab and thus cannot validate the ticket a user provided in
> the ccache.
>
> Technically, to validate the user's ticket, winbindd would need first to
> retrieve own keys as root and then perform the validation using the
> ticket from the user's ccache.
Ok, it's clear. But this is increddible behaviour, like I think. I
think this is a bug:
https://bugzilla.samba.org/show_bug.cgi?id=12491
>> It was because at first time existing valid credential cache not
>> deleted in winbindd_raw_kerberos_login():
>>
>> failed:
>> /*
>> * Do not delete an existing valid credential cache, if the user
>> * e.g. enters a wrong password
>> */
>> if ((strequal(krb5_cc_type, "FILE") || strequal(krb5_cc_type,
>> "WRFILE") || strequal(krb5_cc_type, "KEYRING"))
>> && user_ccache_file != NULL) {
>> DEBUG(10,("winbindd_raw_kerberos_login: do not delete
>> an existing valid credential cache\n"));
>> return result;
>> }
>>
>> /* we could have created a new credential cache with a valid tgt in it
>> * but we werent able to get or verify the service ticket for this
>> * local host and therefor didn't get the PAC, we need to remove that
>> * cache entirely now */
>>
>>
>> I applied patch that fix it for KEYRING. But it is not looks like
>> solution. It is workaround.
> Making winbindd_raw_kerberos_login() of additional credential cache
> times is good, regardless of the issue you are seeing. The code as it is
> now would not work for Heimdal with KCM credential caches, for example,
> or for DIR cctype, or KEYRING with MIT Kerberos, indeed. Unfortunately,
> there is no API in Kerberos to query supported ccache or keytab types.
> Heimdal has external strings krb5_cc_type_* which give names of the
> supported ccache prefixes but they aren't discoverable at runtime (you
> have to discover them at build time). MIT Kerberos doesn't have even
> that, you can only assume what could be there.
But it is work around only, then winbindd_raw_kerberos_login() failed.
I think that it's should not require for access user to keytab file.
And I apply pair patches to fix this problem at all. Review it,
please.
This tested with next log on same environment as before:
[user at kdesktop ~]$ su - petrov
Password:
[petrov at kdesktop ~]$ klist
Ticket cache: KEYRING:persistent:10002:10002
Default principal: petrov at TEST.ALTLINUX
Valid starting Expires Service principal
01.01.2017 20:37:33 02.01.2017 06:37:33 KDESKTOP$@TEST.ALTLINUX
renew until 08.01.2017 20:37:33
01.01.2017 20:37:33 02.01.2017 06:37:33 krbtgt/TEST.ALTLINUX at TEST.ALTLINUX
renew until 08.01.2017 20:37:33
[2017/01/01 20:37:33.371989, 10, pid=9909, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_dual.c:512(child_process_request)
child_process_request: request fn PAM_AUTH
[2017/01/01 20:37:33.372004, 3, pid=9909, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_pam.c:1696(winbindd_dual_pam_auth)
[ 9907]: dual pam auth TEST\petrov
[2017/01/01 20:37:33.372023, 10, pid=9909, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_pam.c:1738(winbindd_dual_pam_auth)
winbindd_dual_pam_auth: domain: TEST last was online
[2017/01/01 20:37:33.372037, 10, pid=9909, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_pam.c:1190(winbindd_dual_pam_auth_kerberos)
winbindd_dual_pam_auth_kerberos
[2017/01/01 20:37:33.372051, 8, pid=9909, effective(0, 0), real(0,
0)] ../source3/lib/util.c:1239(is_myname)
is_myname("TEST") returns 0
[2017/01/01 20:37:33.372068, 10, pid=9909, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_pam.c:545(generate_krb5_ccache)
using ccache: KEYRING:persistent:10002
[2017/01/01 20:37:33.372091, 10, pid=9909, effective(10002, 0),
real(10002, 0), class=winbind]
../source3/winbindd/winbindd_pam.c:668(winbindd_raw_kerberos_login)
winbindd_raw_kerberos_login: uid is 10002
[2017/01/01 20:37:33.372149, 10, pid=9909, effective(10002, 0),
real(10002, 0)]
../source3/libads/kerberos.c:228(kerberos_kinit_password_ext)
kerberos_kinit_password: as petrov at TEST.ALTLINUX using
[KEYRING:persistent:10002] as ccache and config
[/var/lib/samba/smb_krb5/krb5.conf.TEST]
[2017/01/01 20:37:33.424527, 10, pid=9909, effective(10002, 0),
real(10002, 0)] ../source3/libads/authdata.c:154(kerberos_kinit)
got TGT for petrov at TEST.ALTLINUX in KEYRING:persistent:10002
valid until: Пн, 02 янв 2017 06:37:33 MSK (1483328253)
renewable till: Вс, 08 янв 2017 20:37:33 MSK (1483897053)
[2017/01/01 20:37:33.430865, 3, pid=9909, effective(0, 0), real(0,
0)] ../lib/krb5_wrap/krb5_samba.c:376(ads_cleanup_expired_creds)
ads_cleanup_expired_creds: Ticket in
ccache[KEYRING:persistent:10002:10002] expiration Пн, 02 янв 2017
06:37:33 MSK
[2017/01/01 20:37:33.431188, 10, pid=9909, effective(0, 0), real(0,
0)] ../lib/krb5_wrap/krb5_samba.c:643(ads_krb5_mk_req)
ads_krb5_mk_req: Ticket (KDESKTOP$@TEST.ALTLINUX) in ccache
(KEYRING:persistent:10002:10002) is valid until: (Пн, 02 янв 2017
06:37:33 MSK - 1483328253)
[2017/01/01 20:37:33.431592, 10, pid=9909, effective(0, 0), real(0,
0)] ../lib/krb5_wrap/krb5_samba.c:931(get_krb5_smb_session_key)
Got KRB5 session key of length 32
[2017/01/01 20:37:33.431929, 5, pid=9909, effective(0, 0), real(0,
0)] ../auth/gensec/gensec_start.c:681(gensec_start_mech)
Starting GENSEC mechanism gse_krb5
[2017/01/01 20:37:33.433416, 10, pid=9909, effective(0, 0), real(0,
0)] ../source3/lib/util.c:1986(name_to_fqdn)
name_to_fqdn: lookup for KDESKTOP -> KDESKTOP.test.altlinux.
[2017/01/01 20:37:33.433666, 10, pid=9909, effective(0, 0), real(0,
0)] ../source3/librpc/crypto/gse_krb5.c:391(fill_mem_keytab_from_system_keytab)
fill_mem_keytab_from_system_keytab: with fqdn kdesktop.test.altlinux.
[2017/01/01 20:37:33.458865, 3, pid=9909, effective(0, 0), real(0,
0)] ../auth/kerberos/kerberos_pac.c:409(kerberos_decode_pac)
Found account name from PAC: petrov []
[2017/01/01 20:37:33.459173, 10, pid=9909, effective(0, 0), real(0,
0)] ../auth/kerberos/kerberos_pac.c:411(kerberos_decode_pac)
Successfully validated Kerberos PAC
...
[2017/01/01 20:37:33.462998, 10, pid=9909, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_pam.c:741(winbindd_raw_kerberos_login)
winbindd_raw_kerberos_login: winbindd validated ticket of petrov at TEST.ALTLINUX
[2017/01/01 20:37:33.463027, 10, pid=9909, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_cred_cache.c:659(add_ccache_to_list)
add_ccache_to_list: added krb5_ticket handler
[2017/01/01 20:37:33.463041, 10, pid=9909, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_cred_cache.c:667(add_ccache_to_list)
add_ccache_to_list: added ccache [KEYRING:persistent:10002] for user
[TEST\petrov] to the list
[2017/01/01 20:37:33.463499, 10, pid=9909, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_cred_cache.c:937(winbindd_add_memory_creds_internal)
winbindd_add_memory_creds_internal: added entry for user TEST\petrov
[2017/01/01 20:37:33.463723, 10, pid=9909, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_cred_cache.c:680(add_ccache_to_list)
winbindd_add_memory_creds returned: NT_STATUS_OK
[2017/01/01 20:37:33.463826, 10, pid=9909, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_pam.c:1749(winbindd_dual_pam_auth)
winbindd_dual_pam_auth_kerberos succeeded
[2017/01/01 20:37:33.464179, 10, pid=9909, effective(0, 0), real(0,
0)] ../source3/libsmb/samlogon_cache.c:159(netsamlogon_cache_store)
netsamlogon_cache_store: SID [S-1-5-21-2116509168-2717670426-3021727252-1104]
> If we want to short-cut the logic around removal of a new ccache after a
> failed attempt to get or verify the service ticket for the local host,
> it would probably be better to not check the krb5_cc_type at all, only
> make sure it is not NULL when user_ccache_file is not NULL. The value is
> passed through by the libwbclient, so there is no business in
> interpreting it for this case -- if it is not NULL, it is already
> something that corresponds to an existing valid user_ccache_file here.
Ok, I think this is really good idea to not check the krb5_cc_type at all.
--
Sin (Sinelnikov Evgeny)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s3-kerberos-separate-kerberos_return_pac-in-two-inde.patch
Type: text/x-patch
Size: 7970 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170102/3ff1cbbf/0001-s3-kerberos-separate-kerberos_return_pac-in-two-inde.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-s3-winbind-kinit-with-non-root-for-user-ccache-durin.patch
Type: text/x-patch
Size: 1849 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170102/3ff1cbbf/0002-s3-winbind-kinit-with-non-root-for-user-ccache-durin.bin>
More information about the samba-technical
mailing list