diff options
author | Simo Sorce <idra@samba.org> | 2006-04-23 17:22:32 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:04:13 -0500 |
commit | 60f3ef505238aaceb40101d5e839d2e303c9c7bd (patch) | |
tree | 3b9a6918438ffcf6af7094cb2625c47a7b542929 | |
parent | 5bcc0986ea94eacf5599df98bfaa0617b65a3f4a (diff) | |
download | samba-60f3ef505238aaceb40101d5e839d2e303c9c7bd.tar.gz samba-60f3ef505238aaceb40101d5e839d2e303c9c7bd.tar.bz2 samba-60f3ef505238aaceb40101d5e839d2e303c9c7bd.zip |
r15181: Don't try kerberos sign/seal when in SSL
(This used to be commit 3be3b1130c41e8e372531c137c46f91c5c0acf98)
-rw-r--r-- | source4/libcli/ldap/ldap_bind.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c index cacb0d150e..585bdbb234 100644 --- a/source4/libcli/ldap/ldap_bind.c +++ b/source4/libcli/ldap/ldap_bind.c @@ -25,6 +25,7 @@ #include "includes.h" #include "libcli/ldap/ldap.h" #include "libcli/ldap/ldap_client.h" +#include "lib/tls/tls.h" #include "auth/auth.h" static struct ldap_message *new_ldap_simple_bind_msg(struct ldap_connection *conn, @@ -173,7 +174,11 @@ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn, struct cli_credentials *cr goto failed; } - gensec_want_feature(conn->gensec, 0 | GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL); + /* require Kerberos SIGN/SEAL only if we don't use SSL + * Windows seem not to like double encryption */ + if (conn->tls == NULL || (! tls_enabled(conn->tls))) { + gensec_want_feature(conn->gensec, 0 | GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL); + } status = gensec_set_credentials(conn->gensec, creds); if (!NT_STATUS_IS_OK(status)) { |