From cfa2adf04017c9491d4cc6a69a0bbd4869061b6d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 31 Oct 2005 00:23:38 +0000 Subject: r11401: A simple hack to have our central credentials system deny sending LM authentication for user@realm logins and machine account logins. This should avoid various protocol downgrade attacks. Andrew Bartlett (This used to be commit 76c2d204d0a1ec66d1ef3c935688c7571b051f46) --- source4/auth/credentials/credentials_files.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/auth/credentials/credentials_files.c') diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c index cdf38dcfa8..35bbc43b34 100644 --- a/source4/auth/credentials/credentials_files.c +++ b/source4/auth/credentials/credentials_files.c @@ -197,6 +197,9 @@ static NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, /* ok, we are going to get it now, don't recurse back here */ cred->machine_account_pending = False; + /* some other parts of the system will key off this */ + cred->machine_account = True; + mem_ctx = talloc_named(cred, 0, "cli_credentials fetch machine password"); /* Local secrets are stored in secrets.ldb */ ldb = secrets_db_connect(mem_ctx); -- cgit