[PACTHSET] Some patches from the MIT KDC branch
Andreas Schneider
asn at samba.org
Thu Jul 9 06:57:46 UTC 2015
On Thursday 09 July 2015 09:32:06 Andrew Bartlett wrote:
> On Wed, 2015-07-08 at 18:12 +0200, Andreas Schneider wrote:
> > Hi,
> >
> > I'm currently working on the MIT KDC branch to clean it up so we can get
> > more patches upstream. Here are a few patches which are ready for master.
> > More to come in the next days and weeks.
> >
> > They are also available here:
> >
> > https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master-mit-> > kdc-ok
> The main patch I have thoughts on is the salt handling one. I remember
> we had some discussion on that, and a solution was merged into master.
> Can you remind me where we got to there?
We fixed it by adding the correct saltPrincipal to the ldif. So we have the
correct salt already in ldap!
What this code does it to clean up the code and always pass down the
saltPrincipal to the update keytab function. So the caller needs to make sure
it passes down the saltPrincipal it has or create the correct one needed for
the operation. We should not create it in the update keytab function ...
> One note I've been meaning to say for the past little while is that I
> think you will have to, contrary to my previous advice, implement the
> required things for gssapi_krb5. While the only non-torture use of it
> is kpasswd, the contribution it makes to testing is non-trivial, like
> the fun and games we just found with the NULL checksums from the "Huawei
> Unified Storage System S5500 V3".
Can you tell me which test it needs? You need to be a bit more specific here
:)
If you're talking about gensec_fake_gssapi_krb5_security_ops() it works fine
with gssapi ...
https://git.samba.org/?p=asn/samba.git;a=commit;h=1dc1c69d5990cb67b77549309e25be372023c33b
>
> Sorry,
>
> Andrew Bartlett
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list