diff options
author | Andrew Bartlett <abartlet@samba.org> | 2012-02-10 20:54:18 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-02-10 12:36:23 +0100 |
commit | d2ccaaad20a22a5a09f883809945827dabbc65a7 (patch) | |
tree | b577cf092cdb0c5e5a2f38c7071993a261818571 /auth | |
parent | 93f3fc54e462958c3bc88ebf586be99fb703347b (diff) | |
download | samba-d2ccaaad20a22a5a09f883809945827dabbc65a7.tar.gz samba-d2ccaaad20a22a5a09f883809945827dabbc65a7.tar.bz2 samba-d2ccaaad20a22a5a09f883809945827dabbc65a7.zip |
gensec: explain gensec_use_kerberos_mechs() logic
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Feb 10 12:36:23 CET 2012 on sn-devel-104
Diffstat (limited to 'auth')
-rw-r--r-- | auth/gensec/gensec_start.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c index e9ccb16b0c..d3145ec581 100644 --- a/auth/gensec/gensec_start.c +++ b/auth/gensec/gensec_start.c @@ -50,7 +50,22 @@ bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct gensec_ /* Sometimes we want to force only kerberos, sometimes we want to * force it's avoidance. The old list could be either * gensec_security_all(), or from cli_credentials_gensec_list() (ie, - * an existing list we have trimmed down) */ + * an existing list we have trimmed down) + * + * The intended logic is: + * + * if we are in the default AUTO have kerberos: + * - take a reference to the master list + * otherwise + * - always add spnego then: + * - if we 'MUST' have kerberos: + * only add kerberos mechs + * - if we 'DONT' want kerberos': + * only add non-kerberos mechs + * + * Once we get things like NegoEx or moonshot, this will of course get + * more compplex. + */ _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx, struct gensec_security_ops **old_gensec_list, |