diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-09-17 09:46:20 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:38:13 -0500 |
commit | f281d7782451efe4211e6e18435ed367c137ea06 (patch) | |
tree | 2a9786a8d3b36046412fe3a6eb5a2a5eacd91fa9 /source4/param | |
parent | 7f08aa1dd516dfe0e8a79575ed736e1e09a10f9d (diff) | |
download | samba-f281d7782451efe4211e6e18435ed367c137ea06.tar.gz samba-f281d7782451efe4211e6e18435ed367c137ea06.tar.bz2 samba-f281d7782451efe4211e6e18435ed367c137ea06.zip |
r10291: The patch optionally (off by default, not available in all cases) allows
Samba to use the target principal name supplied in the mechTokenMIC of
an SPNEGO negTokenInit.
This isn't a great idea for security reasons, but is how Samba3 behaves,
and allows kerberos to function more often in some environments. It is
only available for CIFS session setups, due to the ordering of the
exchange.
Andrew Bartlett
(This used to be commit f6a645644127ae695a9f7288e0a469f2eb7f3066)
Diffstat (limited to 'source4/param')
-rw-r--r-- | source4/param/loadparm.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c index 3f6a22d404..244ce27419 100644 --- a/source4/param/loadparm.c +++ b/source4/param/loadparm.c @@ -184,6 +184,7 @@ typedef struct BOOL bClientPlaintextAuth; BOOL bClientLanManAuth; BOOL bClientNTLMv2Auth; + BOOL client_use_spnego_principal; BOOL bHostMSDfs; BOOL bUnicode; BOOL bUnixExtensions; @@ -422,6 +423,7 @@ static struct parm_struct parm_table[] = { {"client NTLMv2 auth", P_BOOL, P_GLOBAL, &Globals.bClientNTLMv2Auth, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"client lanman auth", P_BOOL, P_GLOBAL, &Globals.bClientLanManAuth, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"client plaintext auth", P_BOOL, P_GLOBAL, &Globals.bClientPlaintextAuth, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, + {"client use spnego principal", P_BOOL, P_GLOBAL, &Globals.client_use_spnego_principal, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"read only", P_BOOL, P_LOCAL, &sDefault.bRead_only, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE}, @@ -659,6 +661,7 @@ static void init_globals(void) do_parameter("ClientLanManAuth", "True", NULL); do_parameter("LanmanAuth", "True", NULL); do_parameter("NTLMAuth", "True", NULL); + do_parameter("client use spnego principal", "False", NULL); do_parameter("UnixExtensions", "False", NULL); @@ -853,6 +856,7 @@ FN_GLOBAL_BOOL(lp_ntlm_auth, &Globals.bNTLMAuth) FN_GLOBAL_BOOL(lp_client_plaintext_auth, &Globals.bClientPlaintextAuth) FN_GLOBAL_BOOL(lp_client_lanman_auth, &Globals.bClientLanManAuth) FN_GLOBAL_BOOL(lp_client_ntlmv2_auth, &Globals.bClientNTLMv2Auth) +FN_GLOBAL_BOOL(lp_client_use_spnego_principal, &Globals.client_use_spnego_principal) FN_GLOBAL_BOOL(lp_host_msdfs, &Globals.bHostMSDfs) FN_GLOBAL_BOOL(lp_unix_extensions, &Globals.bUnixExtensions) FN_GLOBAL_BOOL(lp_use_spnego, &Globals.bUseSpnego) |