Query on commit 1bc2f28b9420829645ed571daf2a17e6688b2103
Jeremy Allison
jra at samba.org
Tue Sep 27 22:20:08 UTC 2016
On Tue, Sep 27, 2016 at 03:12:04PM -0700, Christof Schmitt wrote:
>
> The whole discussion around this interface is in the thread at:
> https://lists.samba.org/archive/samba-technical/2012-July/thread.html#85283
>
> The reason for handling the failed signature validation is mentioned
> here:
> https://lists.samba.org/archive/samba-technical/2012-July/085713.html
>
> The scenario here would be having winbindd running on a machine with the
> keytab from the machine account, but also a different service like
> Ganesha that is using a separate keytab. In this case e.g. Ganesha could
> ask winbindd to decode the PAC and still get its contents, even though
> winbindd does not trust the information since it was signed with a
> different keytab.
That's horrible :-(. Is this *actually* used anywhere ?
More information about the samba-technical
mailing list