diff options
author | Andrew Bartlett <abartlet@samba.org> | 2006-12-29 11:01:37 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:30:24 -0500 |
commit | cb785a891bb4938692b45c78c921f75ed7ddbade (patch) | |
tree | e1f3961716392cfb5524961e674eec4b59ec30fa /source4/ldap_server/devdocs | |
parent | d97302d539e7747da28984880769d6cbf8b7357c (diff) | |
download | samba-cb785a891bb4938692b45c78c921f75ed7ddbade.tar.gz samba-cb785a891bb4938692b45c78c921f75ed7ddbade.tar.bz2 samba-cb785a891bb4938692b45c78c921f75ed7ddbade.zip |
r20406: Metze's change in -r 19662 broke Kerberos logins from Win2k3.
The reason is long and complex, but is due to forwardable tickets:
We would extract the forwardable ticket from the GSSAPI payload, and
look for the expiry time of the ticket for krbtgt/REALM@REALM.
However, with -r 19662 the ticket is given to the client as being for
krbtgt/realm@REALM, as it asked for a lower case realm. Heimdal is
case sensitive for realms, and bails out. (It should just not store
the forwarded ticket).
We need to co-ordinate changes in the KDC with relaxation of checks in
Heimdal, and a better kerberos behaviour testsuite.
Andrew Bartlett
(This used to be commit be4c1a36b0e31cbb680d55e8d933818dc3c7435b)
Diffstat (limited to 'source4/ldap_server/devdocs')
0 files changed, 0 insertions, 0 deletions