From 372ca26b2052e267711a45c8bf341f55505f3f8f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 20 Oct 2005 03:47:55 +0000 Subject: r11200: Reposition the creation of the kerberos keytab for GSSAPI and Krb5 authentication. This pulls the creating of the keytab back to the credentials code, and removes the special case of 'use keberos keytab = yes' for now. This allows (and requires) the callers to specify the credentials for the server credentails to GENSEC. This allows kpasswdd (soon to be added) to use a different set of kerberos credentials. The 'use kerberos keytab' code will be moved into the credentials layer, as the layers below now expect a keytab. We also now allow for the old secret to be stored into the credentials, allowing service password changes. Andrew Bartlett (This used to be commit 205f77c579ac8680c85f713a76de5767189c627b) --- source4/auth/gensec/gensec_krb5.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'source4/auth/gensec/gensec_krb5.c') diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index 71974790b1..d999559a49 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -86,6 +86,10 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security) { struct gensec_krb5_state *gensec_krb5_state; + if (!gensec_get_credentials(gensec_security)) { + return NT_STATUS_INVALID_PARAMETER; + } + gensec_krb5_state = talloc(gensec_security, struct gensec_krb5_state); if (!gensec_krb5_state) { return NT_STATUS_NO_MEMORY; @@ -185,7 +189,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security gensec_krb5_state = gensec_security->private_data; gensec_krb5_state->state_position = GENSEC_KRB5_CLIENT_START; - ret = cli_credentials_get_ccache(gensec_security->credentials, &ccache_container); + ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), &ccache_container); if (ret) { DEBUG(1,("gensec_krb5_start: cli_credentials_get_ccache failed: %s\n", error_message(ret))); @@ -391,7 +395,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, nt_status = ads_verify_ticket(out_mem_ctx, gensec_krb5_state->smb_krb5_context, &gensec_krb5_state->auth_context, - lp_realm(), + gensec_get_credentials(gensec_security), gensec_get_target_service(gensec_security), &unwrapped_in, &gensec_krb5_state->ticket, &unwrapped_out, &gensec_krb5_state->keyblock); @@ -400,7 +404,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, nt_status = ads_verify_ticket(out_mem_ctx, gensec_krb5_state->smb_krb5_context, &gensec_krb5_state->auth_context, - lp_realm(), + gensec_get_credentials(gensec_security), gensec_get_target_service(gensec_security), &in, &gensec_krb5_state->ticket, &unwrapped_out, -- cgit