s4-lsa Implement kerberos ticket life policy

We now no longer print tickets with a potentially infinite life, and we report the same life over LSA as we use in the KDC. We should get this from group policy, but for now it's parametric smb.conf options. Andrew Bartlett
author: Andrew Bartlett <abartlet@samba.org> 2010-12-09 14:17:54 +1100
committer: Andrew Bartlett <abartlet@samba.org> 2010-12-09 18:02:59 +1100
commit: f681859eb819b441da41e2985586bfc59dff2ec5 (patch)
tree: 2216ee837693a4338024db2e6d1750e00c7427ae /librpc/idl
parent: 22d67758efd20e62d6050fd10c8b922db75747c9 (diff)
download: samba-f681859eb819b441da41e2985586bfc59dff2ec5.tar.gz
samba-f681859eb819b441da41e2985586bfc59dff2ec5.tar.bz2
samba-f681859eb819b441da41e2985586bfc59dff2ec5.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/librpc/idl/lsa.idl b/librpc/idl/lsa.idl
index 869a97a1ac..abad501f4e 100644
--- a/librpc/idl/lsa.idl
+++ b/librpc/idl/lsa.idl
@@ -1064,11 +1064,14 @@ import "misc.idl", "security.idl";
 	);
 
 	/* Function 0x35 */
+	typedef [bitmap32bit] bitmap {
+		LSA_POLICY_KERBEROS_VALIDATE_CLIENT = 0x00000080
+	} lsa_krbAuthenticationOptions;
 
 	/* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000
 	   for reserved - gd */
 	typedef struct {
-		uint32 enforce_restrictions;
+		lsa_krbAuthenticationOptions authentication_options;
 		hyper service_tkt_lifetime;
 		hyper user_tkt_lifetime;
 		hyper user_tkt_renewaltime;
author	Andrew Bartlett <abartlet@samba.org>	2010-12-09 14:17:54 +1100
committer	Andrew Bartlett <abartlet@samba.org>	2010-12-09 18:02:59 +1100
commit	f681859eb819b441da41e2985586bfc59dff2ec5 (patch)
tree	2216ee837693a4338024db2e6d1750e00c7427ae /librpc/idl
parent	22d67758efd20e62d6050fd10c8b922db75747c9 (diff)
download	samba-f681859eb819b441da41e2985586bfc59dff2ec5.tar.gz samba-f681859eb819b441da41e2985586bfc59dff2ec5.tar.bz2 samba-f681859eb819b441da41e2985586bfc59dff2ec5.zip