diff options
author | Gerald W. Carter <jerry@samba.org> | 2008-01-28 11:32:09 -0600 |
---|---|---|
committer | Gerald W. Carter <jerry@samba.org> | 2008-01-28 11:32:09 -0600 |
commit | c0c93dc2ba8bf6b32b0bcc228d947ee588ee4099 (patch) | |
tree | f8db752d49cf6c9d537d733ca5b4fa33ad1f93b4 /source3 | |
parent | fe478af26aacd1b3ae7e24c4c82e03f576d71691 (diff) | |
download | samba-c0c93dc2ba8bf6b32b0bcc228d947ee588ee4099.tar.gz samba-c0c93dc2ba8bf6b32b0bcc228d947ee588ee4099.tar.bz2 samba-c0c93dc2ba8bf6b32b0bcc228d947ee588ee4099.zip |
Restrict the enctypes in the generated krb5.conf files to Win2003 types.
This fixes the failure observed on FC8 when joining a Windows 2008 RC1
domain. We currently do not handle user session keys correctly
when the KDC uses AES in the ticket replies.
(This used to be commit 8039a2518caae54bc876368c73ec493f3cd4eb73)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/libads/kerberos.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index b99525047f..d47e8a3ff1 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -865,10 +865,14 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, return False; } - file_contents = talloc_asprintf(fname, "[libdefaults]\n\tdefault_realm = %s\n\n" - "[realms]\n\t%s = {\n" - "\t%s\t}\n", - realm_upper, realm_upper, kdc_ip_string); + file_contents = talloc_asprintf(fname, + "[libdefaults]\n\tdefault_realm = %s\n" + "default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n" + "default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n" + "preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n\n" + "[realms]\n\t%s = {\n" + "\t%s\t}\n", + realm_upper, realm_upper, kdc_ip_string); if (!file_contents) { TALLOC_FREE(dname); |