diff options
author | Andrew Tridgell <tridge@samba.org> | 2002-08-30 06:59:57 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2002-08-30 06:59:57 +0000 |
commit | dcd029169424d8846c1fbb0b1527516a4a026b27 (patch) | |
tree | 0d1ca640b6c60ebf20458154b19c2f557a0b8f60 /source3/libsmb/clikrb5.c | |
parent | a6ace770eb9b11271803215f218bf772fa7d9faa (diff) | |
download | samba-dcd029169424d8846c1fbb0b1527516a4a026b27.tar.gz samba-dcd029169424d8846c1fbb0b1527516a4a026b27.tar.bz2 samba-dcd029169424d8846c1fbb0b1527516a4a026b27.zip |
convert the LDAP/SASL code to use GSS-SPNEGO if possible
we now do this:
- look for suported SASL mechanisms on the LDAP server
- choose GSS-SPNEGO if possible
- within GSS-SPNEGO choose KRB5 if we can do a kinit
- otherwise use NTLMSSP
This change also means that we no longer rely on having a gssapi
library to do ADS.
todo:
- add TLS/SSL support over LDAP
- change to using LDAP/SSL for password change in ADS
(This used to be commit b04e91f660d3b26d23044075d4a7e707eb41462d)
Diffstat (limited to 'source3/libsmb/clikrb5.c')
-rw-r--r-- | source3/libsmb/clikrb5.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c index 685c4a25e0..955a93285c 100644 --- a/source3/libsmb/clikrb5.c +++ b/source3/libsmb/clikrb5.c @@ -20,6 +20,10 @@ #include "includes.h" +#ifndef ENCTYPE_ARCFOUR_HMAC +#define ENCTYPE_ARCFOUR_HMAC 0x0017 +#endif + #ifdef HAVE_KRB5 /* we can't use krb5_mk_req because w2k wants the service to be in a particular format @@ -94,7 +98,9 @@ DATA_BLOB krb5_get_ticket(char *principal) krb5_context context; krb5_auth_context auth_context = NULL; DATA_BLOB ret; - krb5_enctype enc_types[] = {ENCTYPE_DES_CBC_MD5, ENCTYPE_NULL}; + krb5_enctype enc_types[] = {ENCTYPE_ARCFOUR_HMAC, + ENCTYPE_DES_CBC_MD5, + ENCTYPE_NULL}; retval = krb5_init_context(&context); if (retval) { |