summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerald W. Carter <jerry@samba.org>2008-01-28 11:32:09 -0600
committerGerald W. Carter <jerry@samba.org>2008-01-28 11:32:09 -0600
commitc0c93dc2ba8bf6b32b0bcc228d947ee588ee4099 (patch)
treef8db752d49cf6c9d537d733ca5b4fa33ad1f93b4
parentfe478af26aacd1b3ae7e24c4c82e03f576d71691 (diff)
downloadsamba-c0c93dc2ba8bf6b32b0bcc228d947ee588ee4099.tar.gz
samba-c0c93dc2ba8bf6b32b0bcc228d947ee588ee4099.tar.bz2
samba-c0c93dc2ba8bf6b32b0bcc228d947ee588ee4099.zip
Restrict the enctypes in the generated krb5.conf files to Win2003 types.
This fixes the failure observed on FC8 when joining a Windows 2008 RC1 domain. We currently do not handle user session keys correctly when the KDC uses AES in the ticket replies. (This used to be commit 8039a2518caae54bc876368c73ec493f3cd4eb73)
Diffstat
-rw-r--r--source3/libads/kerberos.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index b99525047f..d47e8a3ff1 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -865,10 +865,14 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
return False;
}
- file_contents = talloc_asprintf(fname, "[libdefaults]\n\tdefault_realm = %s\n\n"
- "[realms]\n\t%s = {\n"
- "\t%s\t}\n",
- realm_upper, realm_upper, kdc_ip_string);
+ file_contents = talloc_asprintf(fname,
+ "[libdefaults]\n\tdefault_realm = %s\n"
+ "default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
+ "default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
+ "preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n\n"
+ "[realms]\n\t%s = {\n"
+ "\t%s\t}\n",
+ realm_upper, realm_upper, kdc_ip_string);
if (!file_contents) {
TALLOC_FREE(dname);
generated by cgit (git 2.34.1) at 2024-12-26 20:01:28 +0000