summaryrefslogtreecommitdiff
path: root/source3/libads
diff options
context:
space:
mode:
Diffstat (limited to 'source3/libads')
-rw-r--r--source3/libads/kerberos_verify.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index 3aa0860809..cff007db47 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -376,13 +376,15 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
goto out;
}
- if (lp_use_kerberos_keytab()) {
+ /* always check secrets first in order to prevent hitting the
+ keytab until really necessary */
+
+ auth_ok = ads_secrets_verify_ticket(context, auth_context, host_princ,
+ ticket, &packet, &tkt, &keyblock);
+
+ if (!auth_ok && lp_use_kerberos_keytab()) {
auth_ok = ads_keytab_verify_ticket(context, auth_context, ticket, &packet, &tkt, &keyblock);
}
- if (!auth_ok) {
- auth_ok = ads_secrets_verify_ticket(context, auth_context, host_princ,
- ticket, &packet, &tkt, &keyblock);
- }
release_server_mutex();
got_replay_mutex = False;
generated by cgit (git 2.34.1) at 2024-11-02 17:38:15 +0000