diff options
author | Andrew Bartlett <abartlet@samba.org> | 2012-02-14 18:29:54 +1100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2012-02-16 15:18:42 +0100 |
commit | 5c9b6db68e0f535ed2b42bbfee310b7cebf65ca4 (patch) | |
tree | 4cdda382b5e50b351311c036d04cb5fa26b4c1fa /source4/ntp_signd | |
parent | 1d0684c8452ddaec3ab3f715382503c87b0ec534 (diff) | |
download | samba-5c9b6db68e0f535ed2b42bbfee310b7cebf65ca4.tar.gz samba-5c9b6db68e0f535ed2b42bbfee310b7cebf65ca4.tar.bz2 samba-5c9b6db68e0f535ed2b42bbfee310b7cebf65ca4.zip |
s3-gse: Use the session key type, not the lucid context to set NEW_SPNEGO
Using gss_krb5_export_lucid_sec_context() is a problem with MIT krb5, as
it (reasonably, I suppose) invalidates the gssapi context on which it
is called. Instead, we look to the type of session key which is
negotiated, and see if it not AES (or newer).
If we negotiated AES or newer, then we set GENSEC_FEATURE_NEW_SPENGO
so that we know to generate valid mechListMic values in SPNEGO.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4/ntp_signd')
0 files changed, 0 insertions, 0 deletions