From 8ea2d8f255763b027cc70e35f96ad2ad325a4589 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Fri, 20 Sep 2002 09:37:02 +0000
Subject: change ADS negprot to match more closely the options used by w2k.
 This affects the principal used and the order of SPNEGO OIDs (This used to be
 commit e8ff1c0819e02a1fc7234ad0a07d5415936dfbd2)

---
 source3/smbd/negprot.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

(limited to 'source3/smbd')

diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 0e306cdab0..16427b00d7 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -170,9 +170,9 @@ static int negprot_spnego(char *p)
 	DATA_BLOB blob;
 	extern pstring global_myname;
 	uint8 guid[16];
-	const char *OIDs_krb5[] = {OID_NTLMSSP,
-				   OID_KERBEROS5,
+	const char *OIDs_krb5[] = {OID_KERBEROS5,
 				   OID_KERBEROS5_OLD,
+				   OID_NTLMSSP,
 				   NULL};
 	const char *OIDs_plain[] = {OID_NTLMSSP, NULL};
 	char *principal;
@@ -199,9 +199,7 @@ static int negprot_spnego(char *p)
 	if (lp_security() != SEC_ADS) {
 		blob = spnego_gen_negTokenInit(guid, OIDs_plain, "NONE");
 	} else {
-		/* win2000 uses host$@REALM, which we will probably use eventually,
-		   but for now this works */
-		asprintf(&principal, "HOST/%s@%s", guid, lp_realm());
+		asprintf(&principal, "%s$@%s", guid, lp_realm());
 		blob = spnego_gen_negTokenInit(guid, OIDs_krb5, principal);
 		free(principal);
 	}
-- 
cgit