summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2006-04-23 17:22:32 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:04:13 -0500
commit60f3ef505238aaceb40101d5e839d2e303c9c7bd (patch)
tree3b9a6918438ffcf6af7094cb2625c47a7b542929
parent5bcc0986ea94eacf5599df98bfaa0617b65a3f4a (diff)
downloadsamba-60f3ef505238aaceb40101d5e839d2e303c9c7bd.tar.gz
samba-60f3ef505238aaceb40101d5e839d2e303c9c7bd.tar.bz2
samba-60f3ef505238aaceb40101d5e839d2e303c9c7bd.zip
r15181: Don't try kerberos sign/seal when in SSL
(This used to be commit 3be3b1130c41e8e372531c137c46f91c5c0acf98)
-rw-r--r--source4/libcli/ldap/ldap_bind.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c
index cacb0d150e..585bdbb234 100644
--- a/source4/libcli/ldap/ldap_bind.c
+++ b/source4/libcli/ldap/ldap_bind.c
@@ -25,6 +25,7 @@
#include "includes.h"
#include "libcli/ldap/ldap.h"
#include "libcli/ldap/ldap_client.h"
+#include "lib/tls/tls.h"
#include "auth/auth.h"
static struct ldap_message *new_ldap_simple_bind_msg(struct ldap_connection *conn,
@@ -173,7 +174,11 @@ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn, struct cli_credentials *cr
goto failed;
}
- gensec_want_feature(conn->gensec, 0 | GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);
+ /* require Kerberos SIGN/SEAL only if we don't use SSL
+ * Windows seem not to like double encryption */
+ if (conn->tls == NULL || (! tls_enabled(conn->tls))) {
+ gensec_want_feature(conn->gensec, 0 | GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);
+ }
status = gensec_set_credentials(conn->gensec, creds);
if (!NT_STATUS_IS_OK(status)) {