diff options
author | Stefan Metzmacher <metze@samba.org> | 2011-04-28 17:10:03 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-05-18 07:46:41 +0200 |
commit | 053ef0f605e8e99bf10e784cf383f954a6940d0a (patch) | |
tree | d5e720f34d39e445d5af30d6e1cb618242d51aa1 /source4 | |
parent | a41efe6802da4e81a4af72aa231daa00f5012ab8 (diff) | |
download | samba-053ef0f605e8e99bf10e784cf383f954a6940d0a.tar.gz samba-053ef0f605e8e99bf10e784cf383f954a6940d0a.tar.bz2 samba-053ef0f605e8e99bf10e784cf383f954a6940d0a.zip |
s4:auth/credentials: S4U2Self should force CRED_MUST_USE_KERBEROS
Otherwise we would not impersonate the desired principal.
This still doesn't work for plaintext auth, but should
avoid ntlmssp.
metze
Diffstat (limited to 'source4')
-rw-r--r-- | source4/auth/credentials/credentials_krb5.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c index 5883282c25..bfba1679f7 100644 --- a/source4/auth/credentials/credentials_krb5.c +++ b/source4/auth/credentials/credentials_krb5.c @@ -813,6 +813,7 @@ _PUBLIC_ void cli_credentials_set_impersonate_principal(struct cli_credentials * cred->impersonate_principal = talloc_strdup(cred, principal); talloc_free(cred->self_service); cred->self_service = talloc_strdup(cred, self_service); + cli_credentials_set_kerberos_state(cred, CRED_MUST_USE_KERBEROS); } /* |