diff options
author | Günther Deschner <gd@samba.org> | 2006-04-25 12:24:25 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:16:29 -0500 |
commit | 351e749246a278b60a7e18c1eeafdc8ec70efea2 (patch) | |
tree | 7080fbf71b0f4cedfd4eeae1eb42478b2b327b49 /source3/nsswitch/winbindd_pam.c | |
parent | 66fd215dc754963c866c3c3402f65d6bd14b8dcd (diff) | |
download | samba-351e749246a278b60a7e18c1eeafdc8ec70efea2.tar.gz samba-351e749246a278b60a7e18c1eeafdc8ec70efea2.tar.bz2 samba-351e749246a278b60a7e18c1eeafdc8ec70efea2.zip |
r15240: Correctly disallow unauthorized access when logging on with the
kerberized pam_winbind and workstation restrictions are in effect.
The krb5 AS-REQ needs to add the host netbios-name in the address-list.
We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from
the edata of the KRB_ERROR but the login at least fails when the local
machine is not in the workstation list on the DC.
Guenther
(This used to be commit 8b2ba11508e2730aba074d7c095291fac2a62176)
Diffstat (limited to 'source3/nsswitch/winbindd_pam.c')
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index d35de4ce41..d38bdf3dfa 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -489,6 +489,7 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain, &renewal_until, cc, True, + True, WINBINDD_PAM_AUTH_KRB5_RENEW_TIME); if (krb5_ret) { |