summaryrefslogtreecommitdiff
path: root/source3/libads/ldap_schema.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-12-04 13:48:37 +1100
committerAndrew Bartlett <abartlet@samba.org>2010-12-10 16:08:30 +1100
commitbb7806283e71f3b8029aae0eed326b5847a36d83 (patch)
tree75ae29746351bd1aaf09d54c4779b5584f1eb98a /source3/libads/ldap_schema.c
parent10441ed83d701d6db64c3a933cf09957355e1db2 (diff)
downloadsamba-bb7806283e71f3b8029aae0eed326b5847a36d83.tar.gz
samba-bb7806283e71f3b8029aae0eed326b5847a36d83.tar.bz2
samba-bb7806283e71f3b8029aae0eed326b5847a36d83.zip
s3-libads Default to NOT using the server-supplied principal from SPNEGO
This principal is not supplied by later versions of windows, and using it opens up some oportunities for man in the middle attacks. (Becuase it isn't the name being contacted that is verified with the KDC). This adds the option 'client use spnego principal' to the smb.conf (as used in Samba4) to control this behaivour. As in Samba4, this defaults to false. Against 2008 servers, this will not change behaviour. Against earlier servers, it may cause a downgrade to NTLMSSP more often, in environments where server names are not registered with the KDC as servicePrincipalName values. Andrew Bartlett
Diffstat (limited to 'source3/libads/ldap_schema.c')
0 files changed, 0 insertions, 0 deletions