summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--auth/credentials/credentials_krb5.c5
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c6
2 files changed, 10 insertions, 1 deletions
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index 684f2440fd..2a23688ffd 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -533,6 +533,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
return ret;
}
+#ifdef SAMBA4_USES_HEIMDAL /* MIT lacks krb5_get_default_in_tkt_etypes */
/*
* transfer the enctypes from the smb_krb5_context to the gssapi layer
*
@@ -567,6 +568,8 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
return ret;
}
}
+#endif
+#ifdef SAMBA4_USES_HEIMDAL /* MIT lacks GSS_KRB5_CRED_NO_CI_FLAGS_X */
/* don't force GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG */
maj_stat = gss_set_cred_option(&min_stat, &gcc->creds,
@@ -582,7 +585,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
(*error_string) = talloc_asprintf(cred, "gss_set_cred_option failed: %s", error_message(ret));
return ret;
}
-
+#endif
cred->client_gss_creds_obtained = cred->ccache_obtained;
talloc_set_destructor(gcc, free_gssapi_creds);
cred->client_gss_creds = gcc;
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 2ecd144bfb..f1b8740078 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -3709,10 +3709,16 @@ static void kdc_get_policy(struct loadparm_context *lp_ctx,
unix_to_nt_time(&k->service_tkt_lifetime, svc_tkt_lifetime);
unix_to_nt_time(&k->user_tkt_lifetime, usr_tkt_lifetime);
unix_to_nt_time(&k->user_tkt_renewaltime, renewal_lifetime);
+#ifdef SAMBA4_USES_HEIMDAL /* MIT lacks krb5_get_max_time_skew.
+ However in the parent function we basically just did a full
+ krb5_context init with the only purpose of getting a global
+ config option (the max skew), it would probably make more sense
+ to have a lp_ or ldb global option as the samba default */
if (smb_krb5_context) {
unix_to_nt_time(&k->clock_skew,
krb5_get_max_time_skew(smb_krb5_context->krb5_context));
}
+#endif
k->reserved = 0;
}
/*