From 188b28b9d99ee97176c910b506cb542b5eff01ff Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Sun, 24 Jul 2011 22:02:21 +0200
Subject: s4:auth/kerberos: activate windows related krb5 flags

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Jul 25 09:45:01 CEST 2011 on sn-devel-104
---
 source4/auth/kerberos/kerberos_util.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'source4/auth')

diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
index 9a48e95c6d..c255e6605a 100644
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -394,6 +394,16 @@ krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx,
 		break;
 	}
 
+	/*
+	 * In order to work against windows KDCs even if we use
+	 * the netbios domain name as realm, we need to add the following
+	 * flags:
+	 * KRB5_INIT_CREDS_NO_C_CANON_CHECK;
+	 * KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK;
+	 */
+	krb5_get_init_creds_opt_set_win2k(smb_krb5_context->krb5_context,
+					  krb_options, true);
+
 	tries = 2;
 	while (tries--) {
 		struct tevent_context *previous_ev;
-- 
cgit