s4:auth/credentials: S4U2Self should force CRED_MUST_USE_KERBEROS

Otherwise we would not impersonate the desired principal. This still doesn't work for plaintext auth, but should avoid ntlmssp. metze
author: Stefan Metzmacher <metze@samba.org> 2011-04-28 17:10:03 +0200
committer: Stefan Metzmacher <metze@samba.org> 2011-05-18 07:46:41 +0200
commit: 053ef0f605e8e99bf10e784cf383f954a6940d0a (patch)
tree: d5e720f34d39e445d5af30d6e1cb618242d51aa1
parent: a41efe6802da4e81a4af72aa231daa00f5012ab8 (diff)
download: samba-053ef0f605e8e99bf10e784cf383f954a6940d0a.tar.gz
samba-053ef0f605e8e99bf10e784cf383f954a6940d0a.tar.bz2
samba-053ef0f605e8e99bf10e784cf383f954a6940d0a.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index 5883282c25..bfba1679f7 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -813,6 +813,7 @@ _PUBLIC_ void cli_credentials_set_impersonate_principal(struct cli_credentials *
 	cred->impersonate_principal = talloc_strdup(cred, principal);
 	talloc_free(cred->self_service);
 	cred->self_service = talloc_strdup(cred, self_service);
+	cli_credentials_set_kerberos_state(cred, CRED_MUST_USE_KERBEROS);
 }
 
 /*
author	Stefan Metzmacher <metze@samba.org>	2011-04-28 17:10:03 +0200
committer	Stefan Metzmacher <metze@samba.org>	2011-05-18 07:46:41 +0200
commit	053ef0f605e8e99bf10e784cf383f954a6940d0a (patch)
tree	d5e720f34d39e445d5af30d6e1cb618242d51aa1
parent	a41efe6802da4e81a4af72aa231daa00f5012ab8 (diff)
download	samba-053ef0f605e8e99bf10e784cf383f954a6940d0a.tar.gz samba-053ef0f605e8e99bf10e784cf383f954a6940d0a.tar.bz2 samba-053ef0f605e8e99bf10e784cf383f954a6940d0a.zip