[PATCH] Return correct gss-error to client.
jra at samba.org
Tue Jan 30 17:03:59 UTC 2018
Google ChromeOS restricts the enc types allowed for the kerberos
client. If the DC doesn't support these types it returns
KRB5KDC_ERR_ETYPE_NOSUPP as an error to the client code.
Currently Samba doesn't pass this back to the caller as
NT_STATUS_KDC_UNKNOWN_ETYPE, which is the NT status designated
for this specific error - it gets returned as NT_STATUS_LOGON_FAILURE,
which doesn't allow the caller to report the problem to the client GUI.
We already handle KDC specific errors such as NT_STATUS_TIME_DIFFERENCE_AT_DC,
this just adds another one to enable users to debug problems (so
this isn't a case of error squashing to prevent attacks).
Please review and push if happy !
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1021 bytes
Desc: not available
More information about the samba-technical