Diffstat (limited to 'source4/auth/kerberos/kerberos_verify.c')
-rw-r--r--source4/auth/kerberos/kerberos_verify.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/source4/auth/kerberos/kerberos_verify.c b/source4/auth/kerberos/kerberos_verify.c
index 927b12d454..0497e3effa 100644
--- a/source4/auth/kerberos/kerberos_verify.c
+++ b/source4/auth/kerberos/kerberos_verify.c
@@ -93,7 +93,8 @@ static krb5_error_code ads_keytab_verify_ticket(TALLOC_CTX *mem_ctx, krb5_contex
/* Generate the list of principal names which we expect
* clients might want to use for authenticating to the file
- * service. We allow name$,{host,cifs}/{name,fqdn,name.REALM}. */
+ * service. We allow name$,{host,service}/{name,fqdn,name.REALM}.
+ * (where service is specified by the caller) */
my_name = lp_netbios_name();
@@ -103,9 +104,9 @@ static krb5_error_code ads_keytab_verify_ticket(TALLOC_CTX *mem_ctx, krb5_contex
asprintf(&valid_princ_formats[1], "host/%s@%s", my_name, lp_realm());
asprintf(&valid_princ_formats[2], "host/%s@%s", my_fqdn, lp_realm());
asprintf(&valid_princ_formats[3], "host/%s.%s@%s", my_name, lp_realm(), lp_realm());
- asprintf(&valid_princ_formats[4], "cifs/%s@%s", my_name, lp_realm());
- asprintf(&valid_princ_formats[5], "cifs/%s@%s", my_fqdn, lp_realm());
- asprintf(&valid_princ_formats[6], "cifs/%s.%s@%s", my_name, lp_realm(), lp_realm());
+ asprintf(&valid_princ_formats[4], "%s/%s@%s", service, my_name, lp_realm());
+ asprintf(&valid_princ_formats[5], "%s/%s@%s", service, my_fqdn, lp_realm());
+ asprintf(&valid_princ_formats[6], "%s/%s.%s@%s", service, my_name, lp_realm(), lp_realm());
ZERO_STRUCT(kt_entry);
ZERO_STRUCT(kt_cursor);
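Review bot: The three new `asprintf` calls for slots 4-6 build accepted principal names from `service` without validating it or checking the return value. `service` is presumably a new parameter declared outside the hunk; if it is NULL, passing it to `%s` is undefined behaviour (glibc prints `(null)`), and if it is empty the list gains a `/name@REALM` entry. A failed `asprintf` also leaves `valid_princ_formats[i]` indeterminate for whatever code reads the list later, and the unchanged `host/` lines share that pattern. I would reject a bad value before the block with `if (service == NULL || *service == '\0')` and return an error. Each call should then be tested, e.g. `if (asprintf(&valid_princ_formats[4], "%s/%s@%s", service, my_name, lp_realm()) < 0)`, and routed to the function's existing failure path, which is not visible here.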