diff options
author | Andrew Bartlett <abartlet@samba.org> | 2003-08-14 01:08:00 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-08-14 01:08:00 +0000 |
commit | 172766eea7a374e910ea91c857fcce45996783a2 (patch) | |
tree | f666ba3739092714c6175f8e1adf834fa68f0f00 /source3/libsmb/clikrb5.c | |
parent | 1eb7fe8eaf9306e9ef1447a6b47a5b91df8584cb (diff) | |
download | samba-172766eea7a374e910ea91c857fcce45996783a2.tar.gz samba-172766eea7a374e910ea91c857fcce45996783a2.tar.bz2 samba-172766eea7a374e910ea91c857fcce45996783a2.zip |
Change Samba to always use extended security for it's guest logins, (ie,
NTLMSSP with "" username, NULL password), and add --machine-pass (-P) to
all of Samba's clients.
When connecting to an Active Directory DC, you must initiate the CIFS level
session setup with Kerberos, not a guest login. If you don't, your machine
account is demoted to NT4.
Andrew Bartlett
(This used to be commit 3547cb3def45a90f99f67829a533eac1ccba5e77)
Diffstat (limited to 'source3/libsmb/clikrb5.c')
-rw-r--r-- | source3/libsmb/clikrb5.c | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c index 3fe6d6457a..a18852a691 100644 --- a/source3/libsmb/clikrb5.c +++ b/source3/libsmb/clikrb5.c @@ -369,29 +369,27 @@ failed: BOOL get_krb5_smb_session_key(krb5_context context, krb5_auth_context auth_context, uint8 session_key[16], BOOL remote) { -#ifdef ENCTYPE_ARCFOUR_HMAC krb5_keyblock *skey; krb5_error_code err; -#endif BOOL ret = False; memset(session_key, 0, 16); -#ifdef ENCTYPE_ARCFOUR_HMAC if (remote) err = krb5_auth_con_getremotesubkey(context, auth_context, &skey); else err = krb5_auth_con_getlocalsubkey(context, auth_context, &skey); if (err == 0 && skey != NULL) { - if (KRB5_KEY_TYPE(skey) == - ENCTYPE_ARCFOUR_HMAC - && KRB5_KEY_LENGTH(skey) == 16) { + DEBUG(10, ("Got KRB5 session key of length %d\n", KRB5_KEY_LENGTH(skey))); + if (KRB5_KEY_LENGTH(skey) == 16) { memcpy(session_key, KRB5_KEY_DATA(skey), KRB5_KEY_LENGTH(skey)); + dump_data_pw("KRB5 Session Key:\n", session_key, 16); ret = True; } krb5_free_keyblock(context, skey); + } else { + DEBUG(10, ("KRB5 error getting session key %d\n", err)); } -#endif /* ENCTYPE_ARCFOUR_HMAC */ return ret; } |