diff options
author | Andrew Bartlett <abartlet@samba.org> | 2013-09-16 09:39:12 -0700 |
---|---|---|
committer | Nadezhda Ivanova <nivanova@samba.org> | 2013-09-17 01:41:41 +0200 |
commit | 4dacaef2eae46a8d5d4729c8a607b9d928c70c25 (patch) | |
tree | 488b362d5334cf50af2f90cdc80fbce96dd8adf6 | |
parent | 3f464ca1f5672491edf5daf15389cf7f2dc68e2b (diff) | |
download | samba-4dacaef2eae46a8d5d4729c8a607b9d928c70c25.tar.gz samba-4dacaef2eae46a8d5d4729c8a607b9d928c70c25.tar.bz2 samba-4dacaef2eae46a8d5d4729c8a607b9d928c70c25.zip |
dsdb: Use credentials.get_forced_sasl_mech()
This will allow us to force the use of only DIGEST-MD5, for example,
which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking
to OpenLDAP and Cyrus-SASL.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Tue Sep 17 01:41:41 CEST 2013 on sn-devel-104
-rw-r--r-- | python/samba/provision/backend.py | 2 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/samba_dsdb.c | 1 |
2 files changed, 3 insertions, 0 deletions
diff --git a/python/samba/provision/backend.py b/python/samba/provision/backend.py index 3fe947fdbe..b50055de9f 100644 --- a/python/samba/provision/backend.py +++ b/python/samba/provision/backend.py @@ -255,6 +255,7 @@ class LDAPBackend(ProvisionBackend): # Kerberos to an ldapi:// backend makes no sense self.credentials.set_kerberos_state(DONT_USE_KERBEROS) self.credentials.set_password(self.ldapadminpass) + self.credentials.set_forced_sasl_mech("DIGEST-MD5") self.secrets_credentials = Credentials() self.secrets_credentials.guess(self.lp) @@ -262,6 +263,7 @@ class LDAPBackend(ProvisionBackend): self.secrets_credentials.set_kerberos_state(DONT_USE_KERBEROS) self.secrets_credentials.set_username("samba-admin") self.secrets_credentials.set_password(self.ldapadminpass) + self.secrets_credentials.set_forced_sasl_mech("DIGEST-MD5") self.provision() diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c index ac993db4d7..cde53bc9ce 100644 --- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c +++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c @@ -157,6 +157,7 @@ static int set_ldap_credentials(struct ldb_context *ldb) return ldb_oom(ldb); } cli_credentials_set_anonymous(cred); + cli_credentials_set_forced_sasl_mech(cred, "DIGEST-MD5"); /* * We don't want to use krb5 to talk to our samdb - recursion |