diff options
author | Stefan Metzmacher <metze@samba.org> | 2011-06-20 15:27:58 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-06-22 08:00:24 +0200 |
commit | 9c56303f5a56697470ea9f2ee1a428aed2367d75 (patch) | |
tree | 1f1f819336bd6e31cd636a290f9ecf60e3673bd5 /prog_guide4.txt | |
parent | b3d49620875d878e2ad39896a6fe9fddb039253e (diff) | |
download | samba-9c56303f5a56697470ea9f2ee1a428aed2367d75.tar.gz samba-9c56303f5a56697470ea9f2ee1a428aed2367d75.tar.bz2 samba-9c56303f5a56697470ea9f2ee1a428aed2367d75.zip |
s4:auth/kerberos: don't mix s4u2self creds with machine account creds
It's important that we don't store the tgt for the machine account
in the same krb5_ccache as the ticket for the impersonated principal.
We may pass it to some krb5/gssapi functions and they may use them
in the wrong way, which would grant machine account privileges to
the client.
metze
Diffstat (limited to 'prog_guide4.txt')
0 files changed, 0 insertions, 0 deletions