diff options
author | Stefan Metzmacher <metze@samba.org> | 2011-07-20 10:22:10 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-07-20 12:12:38 +0200 |
commit | 8d159e9de108f2ccd107676a68802d90b95e5e7a (patch) | |
tree | 0fa168ac267057b90662e5a1326aa724d88d4987 | |
parent | 481f05ce02df4069ba8ecb5a6ad76cb35299b14c (diff) | |
download | samba-8d159e9de108f2ccd107676a68802d90b95e5e7a.tar.gz samba-8d159e9de108f2ccd107676a68802d90b95e5e7a.tar.bz2 samba-8d159e9de108f2ccd107676a68802d90b95e5e7a.zip |
s4:kdc: restore the behavior before the last heimdal import
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jul 20 12:12:38 CEST 2011 on sn-devel-104
-rw-r--r-- | source4/kdc/kdc.c | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index 7c00ea9b3f..4e1e27c42b 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c @@ -965,16 +965,24 @@ static void kdc_task_init(struct task_server *task) kdc->config->num_db = 1; /* - * TODO: find out why this is needed in order - * to let make test work. + * This restores the behavior before + * commit 255e3e18e00f717d99f3bc57c8a8895ff624f3c3 + * s4:heimdal: import lorikeet-heimdal-201107150856 + * (commit 48936803fae4a2fb362c79365d31f420c917b85b) * - * Without this, we are getting PAC varification - * failures. I guess because the PAC is not signed - * with a arcfour-hmac-md5 key. + * as_use_strongest_session_key,preauth_use_strongest_session_key + * and tgs_use_strongest_session_key are input to the + * _kdc_find_etype() function. The old bahavior is in + * the use_strongest_session_key=FALSE code path. + * (The only remaining difference in _kdc_find_etype() + * is the is_preauth parameter.) + * + * The old behavior in the _kdc_get_preferred_key() + * function is use_strongest_server_key=TRUE. */ - kdc->config->as_use_strongest_session_key = true; - kdc->config->preauth_use_strongest_session_key = true; - kdc->config->tgs_use_strongest_session_key = true; + kdc->config->as_use_strongest_session_key = false; + kdc->config->preauth_use_strongest_session_key = false; + kdc->config->tgs_use_strongest_session_key = false; kdc->config->use_strongest_server_key = true; /* Register hdb-samba4 hooks for use as a keytab */ |