summaryrefslogtreecommitdiff
path: root/source3/utils
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-03-11 07:04:38 +1100
committerStefan Metzmacher <metze@samba.org>2012-04-03 17:47:32 +0200
commitf3b005e7595288096a4fac220709b7af26aa7b62 (patch)
treecfa1536ca7647a07c0eb4eababb0f7da149768c0 /source3/utils
parent893387d25fcc24e906b3b97a49259930f298132d (diff)
downloadsamba-f3b005e7595288096a4fac220709b7af26aa7b62.tar.gz
samba-f3b005e7595288096a4fac220709b7af26aa7b62.tar.bz2
samba-f3b005e7595288096a4fac220709b7af26aa7b62.zip
s3-auth: Order GENSEC mechs by priority, krb5 before NTLMSSP
Otherwise, really simple clients (such as the current ntlm_auth gss-spnego client) will not select krb5. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3/utils')
-rw-r--r--source3/utils/ntlm_auth.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index bc3535920b..51ea097353 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1130,12 +1130,13 @@ static NTSTATUS ntlm_auth_start_ntlmssp_server(TALLOC_CTX *mem_ctx,
gensec_init();
- gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
-
+ /* These need to be in priority order, krb5 before NTLMSSP */
#if defined(HAVE_KRB5)
gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops;
#endif
+ gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
+
gensec_settings->backends[idx++] = gensec_security_by_oid(NULL,
GENSEC_OID_SPNEGO);