summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2011-04-28 17:10:03 +0200
committerStefan Metzmacher <metze@samba.org>2011-05-18 07:46:41 +0200
commit053ef0f605e8e99bf10e784cf383f954a6940d0a (patch)
treed5e720f34d39e445d5af30d6e1cb618242d51aa1 /source4/auth
parenta41efe6802da4e81a4af72aa231daa00f5012ab8 (diff)
downloadsamba-053ef0f605e8e99bf10e784cf383f954a6940d0a.tar.gz
samba-053ef0f605e8e99bf10e784cf383f954a6940d0a.tar.bz2
samba-053ef0f605e8e99bf10e784cf383f954a6940d0a.zip
s4:auth/credentials: S4U2Self should force CRED_MUST_USE_KERBEROS
Otherwise we would not impersonate the desired principal. This still doesn't work for plaintext auth, but should avoid ntlmssp. metze
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/credentials/credentials_krb5.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index 5883282c25..bfba1679f7 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -813,6 +813,7 @@ _PUBLIC_ void cli_credentials_set_impersonate_principal(struct cli_credentials *
cred->impersonate_principal = talloc_strdup(cred, principal);
talloc_free(cred->self_service);
cred->self_service = talloc_strdup(cred, self_service);
+ cli_credentials_set_kerberos_state(cred, CRED_MUST_USE_KERBEROS);
}
/*