summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd_pam.c
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2006-04-25 12:24:25 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:16:29 -0500
commit351e749246a278b60a7e18c1eeafdc8ec70efea2 (patch)
tree7080fbf71b0f4cedfd4eeae1eb42478b2b327b49 /source3/nsswitch/winbindd_pam.c
parent66fd215dc754963c866c3c3402f65d6bd14b8dcd (diff)
downloadsamba-351e749246a278b60a7e18c1eeafdc8ec70efea2.tar.gz
samba-351e749246a278b60a7e18c1eeafdc8ec70efea2.tar.bz2
samba-351e749246a278b60a7e18c1eeafdc8ec70efea2.zip
r15240: Correctly disallow unauthorized access when logging on with the
kerberized pam_winbind and workstation restrictions are in effect. The krb5 AS-REQ needs to add the host netbios-name in the address-list. We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from the edata of the KRB_ERROR but the login at least fails when the local machine is not in the workstation list on the DC. Guenther (This used to be commit 8b2ba11508e2730aba074d7c095291fac2a62176)
Diffstat (limited to 'source3/nsswitch/winbindd_pam.c')
-rw-r--r--source3/nsswitch/winbindd_pam.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index d35de4ce41..d38bdf3dfa 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -489,6 +489,7 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
&renewal_until,
cc,
True,
+ True,
WINBINDD_PAM_AUTH_KRB5_RENEW_TIME);
if (krb5_ret) {