diff options
| author | Günther Deschner <gd@samba.org> | 2006-03-21 11:14:29 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:15:39 -0500 |
| commit | e4dc7454346da21d5bc7df7028057d47d7d4d0a5 (patch) | |
| tree | a10814cd00eb2227df9f1fbf3c90c489d012a2be /source3 | |
| parent | 5067cca077ab8dde110f79ea9e60611dc25ddf64 (diff) | |
| download | samba-e4dc7454346da21d5bc7df7028057d47d7d4d0a5.tar.gz samba-e4dc7454346da21d5bc7df7028057d47d7d4d0a5.tar.bz2 samba-e4dc7454346da21d5bc7df7028057d47d7d4d0a5.zip | |
r14611: Fix init_creds_opts issue jerry discovered when using MIT krb5 1.3:
We were using a far too short renewable_time in the request; newer MIT
releases take care interally that the renewable time is never shorter
then the default ticket lifetime.
Guenther
(This used to be commit bde4a4018e26bc9aab4b928ec9811c05b21574f3)
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/libads/kerberos.c | 10 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_ads.c | 2 |
2 files changed, 1 insertions, 11 deletions
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 029e42c0c2..e5211813d3 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -72,9 +72,7 @@ int kerberos_kinit_password_ext(const char *principal, krb5_ccache cc = NULL; krb5_principal me; krb5_creds my_creds; -#if 0 krb5_get_init_creds_opt opt; -#endif initialize_krb5_error_table(); if ((code = krb5_init_context(&ctx))) @@ -97,12 +95,9 @@ int kerberos_kinit_password_ext(const char *principal, return code; } -#if 0 /* This code causes problems with MIT krb5 1.3 when asking for a - TGT for the machine account */ krb5_get_init_creds_opt_init(&opt); krb5_get_init_creds_opt_set_renew_life(&opt, renewable_time); krb5_get_init_creds_opt_set_forwardable(&opt, 1); -#endif if (request_pac) { #ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST @@ -110,13 +105,8 @@ int kerberos_kinit_password_ext(const char *principal, #endif } -#if 0 if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, CONST_DISCARD(char *,password), kerb_prompter, NULL, 0, NULL, &opt))) -#else - if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, CONST_DISCARD(char *,password), - kerb_prompter, NULL, 0, NULL, NULL))) -#endif { krb5_free_principal(ctx, me); krb5_free_context(ctx); diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c index 179659f86f..5e0d4cfe8e 100644 --- a/source3/nsswitch/winbindd_ads.c +++ b/source3/nsswitch/winbindd_ads.c @@ -102,7 +102,7 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain) ads->auth.realm = SMB_STRDUP( lp_realm() ); } - ads->auth.renewable = 1; + ads->auth.renewable = WINBINDD_PAM_AUTH_KRB5_RENEW_TIME; status = ads_connect(ads); if (!ADS_ERR_OK(status) || !ads->config.realm) { |