summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2011-07-14 21:02:20 +0200
committerStefan Metzmacher <metze@samba.org>2011-07-15 12:26:25 +0200
commit7acc1a7a2f56627a2f5e4eed2fbfb14a16ecd649 (patch)
tree780188cb35196715ab7bb992324a2d21fdcaf406
parente0541ed98d730622f348e3871aba02908ce477dd (diff)
downloadsamba-7acc1a7a2f56627a2f5e4eed2fbfb14a16ecd649.tar.gz
samba-7acc1a7a2f56627a2f5e4eed2fbfb14a16ecd649.tar.bz2
samba-7acc1a7a2f56627a2f5e4eed2fbfb14a16ecd649.zip
s4:kdc: set *_strongest_*_key to true to restore the old behavior
TODO: check why this is needed. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Jul 15 12:26:25 CEST 2011 on sn-devel-104
-rw-r--r--source4/kdc/kdc.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index 0723408043..7c00ea9b3f 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -964,6 +964,19 @@ static void kdc_task_init(struct task_server *task)
}
kdc->config->num_db = 1;
+ /*
+ * TODO: find out why this is needed in order
+ * to let make test work.
+ *
+ * Without this, we are getting PAC varification
+ * failures. I guess because the PAC is not signed
+ * with a arcfour-hmac-md5 key.
+ */
+ kdc->config->as_use_strongest_session_key = true;
+ kdc->config->preauth_use_strongest_session_key = true;
+ kdc->config->tgs_use_strongest_session_key = true;
+ kdc->config->use_strongest_server_key = true;
+
/* Register hdb-samba4 hooks for use as a keytab */
kdc->base_ctx = talloc_zero(kdc, struct samba_kdc_base_context);