diff options
author | Andrew Bartlett <abartlet@samba.org> | 2012-03-11 07:04:38 +1100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2012-04-03 17:47:32 +0200 |
commit | f3b005e7595288096a4fac220709b7af26aa7b62 (patch) | |
tree | cfa1536ca7647a07c0eb4eababb0f7da149768c0 /source3/utils | |
parent | 893387d25fcc24e906b3b97a49259930f298132d (diff) | |
download | samba-f3b005e7595288096a4fac220709b7af26aa7b62.tar.gz samba-f3b005e7595288096a4fac220709b7af26aa7b62.tar.bz2 samba-f3b005e7595288096a4fac220709b7af26aa7b62.zip |
s3-auth: Order GENSEC mechs by priority, krb5 before NTLMSSP
Otherwise, really simple clients (such as the current ntlm_auth gss-spnego client)
will not select krb5.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3/utils')
-rw-r--r-- | source3/utils/ntlm_auth.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index bc3535920b..51ea097353 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -1130,12 +1130,13 @@ static NTSTATUS ntlm_auth_start_ntlmssp_server(TALLOC_CTX *mem_ctx, gensec_init(); - gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP); - + /* These need to be in priority order, krb5 before NTLMSSP */ #if defined(HAVE_KRB5) gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops; #endif + gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP); + gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO); |