summaryrefslogtreecommitdiff
path: root/source4/ldap_server/devdocs
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2006-12-29 11:01:37 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:30:24 -0500
commitcb785a891bb4938692b45c78c921f75ed7ddbade (patch)
treee1f3961716392cfb5524961e674eec4b59ec30fa /source4/ldap_server/devdocs
parentd97302d539e7747da28984880769d6cbf8b7357c (diff)
downloadsamba-cb785a891bb4938692b45c78c921f75ed7ddbade.tar.gz
samba-cb785a891bb4938692b45c78c921f75ed7ddbade.tar.bz2
samba-cb785a891bb4938692b45c78c921f75ed7ddbade.zip
r20406: Metze's change in -r 19662 broke Kerberos logins from Win2k3.
The reason is long and complex, but is due to forwardable tickets: We would extract the forwardable ticket from the GSSAPI payload, and look for the expiry time of the ticket for krbtgt/REALM@REALM. However, with -r 19662 the ticket is given to the client as being for krbtgt/realm@REALM, as it asked for a lower case realm. Heimdal is case sensitive for realms, and bails out. (It should just not store the forwarded ticket). We need to co-ordinate changes in the KDC with relaxation of checks in Heimdal, and a better kerberos behaviour testsuite. Andrew Bartlett (This used to be commit be4c1a36b0e31cbb680d55e8d933818dc3c7435b)
Diffstat (limited to 'source4/ldap_server/devdocs')
0 files changed, 0 insertions, 0 deletions