summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorGerald W. Carter <jerry@samba.org>2008-01-28 11:32:09 -0600
committerGerald W. Carter <jerry@samba.org>2008-01-28 11:32:09 -0600
commitc0c93dc2ba8bf6b32b0bcc228d947ee588ee4099 (patch)
treef8db752d49cf6c9d537d733ca5b4fa33ad1f93b4 /source3
parentfe478af26aacd1b3ae7e24c4c82e03f576d71691 (diff)
downloadsamba-c0c93dc2ba8bf6b32b0bcc228d947ee588ee4099.tar.gz
samba-c0c93dc2ba8bf6b32b0bcc228d947ee588ee4099.tar.bz2
samba-c0c93dc2ba8bf6b32b0bcc228d947ee588ee4099.zip
Restrict the enctypes in the generated krb5.conf files to Win2003 types.
This fixes the failure observed on FC8 when joining a Windows 2008 RC1 domain. We currently do not handle user session keys correctly when the KDC uses AES in the ticket replies. (This used to be commit 8039a2518caae54bc876368c73ec493f3cd4eb73)
Diffstat (limited to 'source3')
-rw-r--r--source3/libads/kerberos.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index b99525047f..d47e8a3ff1 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -865,10 +865,14 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
return False;
}
- file_contents = talloc_asprintf(fname, "[libdefaults]\n\tdefault_realm = %s\n\n"
- "[realms]\n\t%s = {\n"
- "\t%s\t}\n",
- realm_upper, realm_upper, kdc_ip_string);
+ file_contents = talloc_asprintf(fname,
+ "[libdefaults]\n\tdefault_realm = %s\n"
+ "default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
+ "default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
+ "preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n\n"
+ "[realms]\n\t%s = {\n"
+ "\t%s\t}\n",
+ realm_upper, realm_upper, kdc_ip_string);
if (!file_contents) {
TALLOC_FREE(dname);