diff options
| author | Jelmer Vernooij <jelmer@samba.org> | 2008-08-01 20:17:56 +0200 |
|---|---|---|
| committer | Jelmer Vernooij <jelmer@samba.org> | 2008-08-01 20:17:56 +0200 |
| commit | 2fbe25b39d096b55a5dbb80720cd01e08e42a2b0 (patch) | |
| tree | 64a0a19d5278bb341396189789fd41e530e31d0d /source4/auth/credentials/credentials_krb5.c | |
| parent | 3573420d7d108d796e0b424c131061dc74c23033 (diff) | |
| parent | f2ac351d6ef8d240f9e45f4df58b022052457d76 (diff) | |
| download | samba-2fbe25b39d096b55a5dbb80720cd01e08e42a2b0.tar.gz samba-2fbe25b39d096b55a5dbb80720cd01e08e42a2b0.tar.bz2 samba-2fbe25b39d096b55a5dbb80720cd01e08e42a2b0.zip | |
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into manpage
(This used to be commit c87a8ba1fef1ba508ad6527d0bae4bcdd5b3cb69)
Diffstat (limited to 'source4/auth/credentials/credentials_krb5.c')
| -rw-r--r-- | source4/auth/credentials/credentials_krb5.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c index c4c58398c3..1a2d5faddd 100644 --- a/source4/auth/credentials/credentials_krb5.c +++ b/source4/auth/credentials/credentials_krb5.c @@ -392,7 +392,17 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, return ret; } - /* transfer the enctypes from the smb_krb5_context to the gssapi layer */ + /* + * transfer the enctypes from the smb_krb5_context to the gssapi layer + * + * We use 'our' smb_krb5_context to do the AS-REQ and it is possible + * to configure the enctypes via the krb5.conf. + * + * And the gss_init_sec_context() creates it's own krb5_context and + * the TGS-REQ had all enctypes in it and only the ones configured + * and used for the AS-REQ, so it wasn't possible to disable the usage + * of AES keys. + */ min_stat = krb5_get_default_in_tkt_etypes(ccache->smb_krb5_context->krb5_context, &etypes); if (min_stat == 0) { |