diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2005-09-28 04:50:02 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:39:06 -0500 |
| commit | 718dd6dda6331b27b8f4fc89b891c27124c7821e (patch) | |
| tree | 1892903ad434a04959966987275c32bd84a7e4fb /source4/auth/gensec/gensec_krb5.c | |
| parent | f54b3650d6e561213abdeffb56ee45b84ef4d068 (diff) | |
| download | samba-718dd6dda6331b27b8f4fc89b891c27124c7821e.tar.gz samba-718dd6dda6331b27b8f4fc89b891c27124c7821e.tar.bz2 samba-718dd6dda6331b27b8f4fc89b891c27124c7821e.zip | |
r10565: Try to make Kerberos authentication a bit more friendly.
This disables it for 'localhost' as well as for any host our KDC does
not recognise.
Andrew Bartlett
(This used to be commit 49c6c36763aae23880a20a8ee50c00e8935d8548)
Diffstat (limited to 'source4/auth/gensec/gensec_krb5.c')
| -rw-r--r-- | source4/auth/gensec/gensec_krb5.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index 07e92f063f..71974790b1 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -172,7 +172,10 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security DEBUG(2, ("Cannot do krb5 to an IP address")); return NT_STATUS_INVALID_PARAMETER; } - + if (strequal(hostname, "localhost")) { + DEBUG(2, ("krb5 to 'localhost' does not make sense")); + return NT_STATUS_INVALID_PARAMETER; + } nt_status = gensec_krb5_start(gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { @@ -235,7 +238,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: DEBUG(3, ("Server [%s] is not registered with our KDC: %s\n", hostname, smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context, ret, gensec_krb5_state))); - return NT_STATUS_ACCESS_DENIED; + return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */ case KRB5KDC_ERR_PREAUTH_FAILED: case KRB5KRB_AP_ERR_TKT_EXPIRED: case KRB5_CC_END: |