summaryrefslogtreecommitdiff
path: root/source4/param
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-09-17 09:46:20 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:38:13 -0500
commitf281d7782451efe4211e6e18435ed367c137ea06 (patch)
tree2a9786a8d3b36046412fe3a6eb5a2a5eacd91fa9 /source4/param
parent7f08aa1dd516dfe0e8a79575ed736e1e09a10f9d (diff)
downloadsamba-f281d7782451efe4211e6e18435ed367c137ea06.tar.gz
samba-f281d7782451efe4211e6e18435ed367c137ea06.tar.bz2
samba-f281d7782451efe4211e6e18435ed367c137ea06.zip
r10291: The patch optionally (off by default, not available in all cases) allows
Samba to use the target principal name supplied in the mechTokenMIC of an SPNEGO negTokenInit. This isn't a great idea for security reasons, but is how Samba3 behaves, and allows kerberos to function more often in some environments. It is only available for CIFS session setups, due to the ordering of the exchange. Andrew Bartlett (This used to be commit f6a645644127ae695a9f7288e0a469f2eb7f3066)
Diffstat (limited to 'source4/param')
-rw-r--r--source4/param/loadparm.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index 3f6a22d404..244ce27419 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -184,6 +184,7 @@ typedef struct
BOOL bClientPlaintextAuth;
BOOL bClientLanManAuth;
BOOL bClientNTLMv2Auth;
+ BOOL client_use_spnego_principal;
BOOL bHostMSDfs;
BOOL bUnicode;
BOOL bUnixExtensions;
@@ -422,6 +423,7 @@ static struct parm_struct parm_table[] = {
{"client NTLMv2 auth", P_BOOL, P_GLOBAL, &Globals.bClientNTLMv2Auth, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"client lanman auth", P_BOOL, P_GLOBAL, &Globals.bClientLanManAuth, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"client plaintext auth", P_BOOL, P_GLOBAL, &Globals.bClientPlaintextAuth, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+ {"client use spnego principal", P_BOOL, P_GLOBAL, &Globals.client_use_spnego_principal, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"read only", P_BOOL, P_LOCAL, &sDefault.bRead_only, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE},
@@ -659,6 +661,7 @@ static void init_globals(void)
do_parameter("ClientLanManAuth", "True", NULL);
do_parameter("LanmanAuth", "True", NULL);
do_parameter("NTLMAuth", "True", NULL);
+ do_parameter("client use spnego principal", "False", NULL);
do_parameter("UnixExtensions", "False", NULL);
@@ -853,6 +856,7 @@ FN_GLOBAL_BOOL(lp_ntlm_auth, &Globals.bNTLMAuth)
FN_GLOBAL_BOOL(lp_client_plaintext_auth, &Globals.bClientPlaintextAuth)
FN_GLOBAL_BOOL(lp_client_lanman_auth, &Globals.bClientLanManAuth)
FN_GLOBAL_BOOL(lp_client_ntlmv2_auth, &Globals.bClientNTLMv2Auth)
+FN_GLOBAL_BOOL(lp_client_use_spnego_principal, &Globals.client_use_spnego_principal)
FN_GLOBAL_BOOL(lp_host_msdfs, &Globals.bHostMSDfs)
FN_GLOBAL_BOOL(lp_unix_extensions, &Globals.bUnixExtensions)
FN_GLOBAL_BOOL(lp_use_spnego, &Globals.bUseSpnego)