From 26421fb2dc995c4fc10195f451c4d7dce07034bf Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 13 Feb 2006 00:08:16 +0000
Subject: r13481: As far as I can tell, my changes in -r 12863 were dangerously
 untested.

We do need the gsskrb5_get_initiator_subkey() routine.  But we should
ensure that we do always get a valid key, to prevent any segfaults.

Without this code, we get a different session key compared with
Win2k3, and so kerberised smb signing fails.

Andrew Bartlett
(This used to be commit cfd0df16b74b0432670b33c7bf26316b741b1bde)
---
 source4/auth/kerberos/kerberos-notes.txt | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'source4/auth/kerberos')

diff --git a/source4/auth/kerberos/kerberos-notes.txt b/source4/auth/kerberos/kerberos-notes.txt
index 26cfa4dfba..43881a20d3 100644
--- a/source4/auth/kerberos/kerberos-notes.txt
+++ b/source4/auth/kerberos/kerberos-notes.txt
@@ -247,6 +247,10 @@ the kerberos libraries
 
  - DCE_STYLE
 
+ - gsskrb5_get_initiator_subkey() (return the exact key that Samba3
+   has always asked for.  gsskrb5_get_subkey() might do what we need
+   anyway)
+
  - gsskrb5_acquire_creds() (takes keytab and/or ccache as input
    parameters, see keytab and state machine discussion)
 
-- 
cgit