diff options
| author | Gerald W. Carter <jerry@samba.org> | 2008-03-27 11:57:26 -0500 |
|---|---|---|
| committer | Gerald W. Carter <jerry@samba.org> | 2008-03-27 11:57:26 -0500 |
| commit | 0a4f742f0ac7846b4f104f1749095162883038cd (patch) | |
| tree | 23ad9b93a7eefcf46c3020e6e41be6edebf7e4b5 /source3/nsswitch | |
| parent | 9c169e9e42b58e7b6c4b37f57d4649daea7593e5 (diff) | |
| download | samba-0a4f742f0ac7846b4f104f1749095162883038cd.tar.gz samba-0a4f742f0ac7846b4f104f1749095162883038cd.tar.bz2 samba-0a4f742f0ac7846b4f104f1749095162883038cd.zip | |
Only add WBFLAG_PAM_CONTACT_TRUSTDOM when performing a krb5 auth request.
NTLM logons must go against our DC.
(This used to be commit 2e24f7c0243c67a00102c11258cfa6f61caf499f)
Diffstat (limited to 'source3/nsswitch')
| -rw-r--r-- | source3/nsswitch/pam_winbind.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 81f5227410..d2aea66bcc 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -1200,9 +1200,13 @@ static int winbind_auth_request(pam_handle_t * pamh, request.data.auth.krb5_cc_type[0] = '\0'; request.data.auth.uid = -1; - request.flags = WBFLAG_PAM_INFO3_TEXT | - WBFLAG_PAM_GET_PWD_POLICY | - WBFLAG_PAM_CONTACT_TRUSTDOM; + request.flags = WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_GET_PWD_POLICY; + + /* Krb5 auth always has to go against the KDC of the user's realm */ + + if (ctrl & WINBIND_KRB5_AUTH) { + request.flags |= WBFLAG_PAM_CONTACT_TRUSTDOM; + } if (ctrl & (WINBIND_KRB5_AUTH|WINBIND_CACHED_LOGIN)) { struct passwd *pwd = NULL; |