s4:auth/kerberos: activate windows related krb5 flags

metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Jul 25 09:45:01 CEST 2011 on sn-devel-104
author: Stefan Metzmacher <metze@samba.org> 2011-07-24 22:02:21 +0200
committer: Stefan Metzmacher <metze@samba.org> 2011-07-25 09:45:01 +0200
commit: 188b28b9d99ee97176c910b506cb542b5eff01ff (patch)
tree: 8622477a7c144deffad6438049ac437d623f9b1e /source4/auth/kerberos
parent: 9190345bf513e76996481bf7a7abdcb72e840d63 (diff)
download: samba-188b28b9d99ee97176c910b506cb542b5eff01ff.tar.gz
samba-188b28b9d99ee97176c910b506cb542b5eff01ff.tar.bz2
samba-188b28b9d99ee97176c910b506cb542b5eff01ff.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
index 9a48e95c6d..c255e6605a 100644
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -394,6 +394,16 @@ krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx,
 		break;
 	}
 
+	/*
+	 * In order to work against windows KDCs even if we use
+	 * the netbios domain name as realm, we need to add the following
+	 * flags:
+	 * KRB5_INIT_CREDS_NO_C_CANON_CHECK;
+	 * KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK;
+	 */
+	krb5_get_init_creds_opt_set_win2k(smb_krb5_context->krb5_context,
+					  krb_options, true);
+
 	tries = 2;
 	while (tries--) {
 		struct tevent_context *previous_ev;
author	Stefan Metzmacher <metze@samba.org>	2011-07-24 22:02:21 +0200
committer	Stefan Metzmacher <metze@samba.org>	2011-07-25 09:45:01 +0200
commit	188b28b9d99ee97176c910b506cb542b5eff01ff (patch)
tree	8622477a7c144deffad6438049ac437d623f9b1e /source4/auth/kerberos
parent	9190345bf513e76996481bf7a7abdcb72e840d63 (diff)
download	samba-188b28b9d99ee97176c910b506cb542b5eff01ff.tar.gz samba-188b28b9d99ee97176c910b506cb542b5eff01ff.tar.bz2 samba-188b28b9d99ee97176c910b506cb542b5eff01ff.zip