summaryrefslogtreecommitdiff
path: root/source3/utils
diff options
context:
space:
mode:
authorDan Sledz <dsledz@isilon.com>2009-01-15 17:02:41 -0800
committerSteven Danneman <steven.danneman@isilon.com>2009-02-01 20:23:31 -0800
commitd96248a9b46559552f53b0ecd3861387ea7ff050 (patch)
treee7d5f3d00f0831d1cb2c4315cd2fa7e1de6abaf6 /source3/utils
parentd75b3913c9e03ff97336aa7a6e1cbac2eb03f230 (diff)
downloadsamba-d96248a9b46559552f53b0ecd3861387ea7ff050.tar.gz
samba-d96248a9b46559552f53b0ecd3861387ea7ff050.tar.bz2
samba-d96248a9b46559552f53b0ecd3861387ea7ff050.zip
Add two new parameters to control how we verify kerberos tickets. Removes lp_use_kerberos_keytab parameter.
The first is "kerberos method" and replaces the "use kerberos keytab" with an enum. Valid options are: secrets only - use only the secrets for ticket verification (default) system keytab - use only the system keytab for ticket verification dedicated keytab - use a dedicated keytab for ticket verification. secrets and keytab - use the secrets.tdb first, then the system keytab For existing installs: "use kerberos keytab = yes" corresponds to secrets and keytab "use kerberos keytab = no" corresponds to secrets only The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals. The second parameter is "dedicated keytab file", which is the keytab to use when in "dedicated keytab" mode. This keytab is only used in ads_verify_ticket.
Diffstat (limited to 'source3/utils')
-rw-r--r--source3/utils/net_ads.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 766f3216f0..03786e2e17 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -1920,7 +1920,7 @@ int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv)
d_printf("Password change for principal %s succeeded.\n", host_principal);
- if (lp_use_kerberos_keytab()) {
+ if (USE_SYSTEM_KEYTAB) {
d_printf("Attempting to update system keytab with new password.\n");
if (ads_keytab_create_default(ads)) {
d_printf("Failed to update system keytab.\n");
@@ -2241,9 +2241,9 @@ int net_ads_keytab(struct net_context *c, int argc, const char **argv)
{NULL, NULL, 0, NULL, NULL}
};
- if (!lp_use_kerberos_keytab()) {
- d_printf("\nWarning: \"use kerberos keytab\" must be set to \"true\" in order to \
-use keytab functions.\n");
+ if (!USE_KERBEROS_KEYTAB) {
+ d_printf("\nWarning: \"kerberos method\" must be set to a \
+ keytab method to use keytab functions.\n");
}
return net_run_function(c, argc, argv, "net ads keytab", func);