From 5131359edae7a5c7092c0d41bb225941596ddcac Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 30 Aug 2012 07:49:21 +1000
Subject: auth/credentials: Support match-by-key in
 cli_credentials_get_server_gss_creds()

This allows a password alone to be used to accept kerberos tickets.

Of course, we need to have got the salt right, but we do not need also
the correct kvno.  This allows gensec_gssapi to accept tickets based on
a secrets.tdb entry.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 30 01:26:12 CEST 2012 on sn-devel-104
---
 source4/auth/kerberos/kerberos.h      | 1 +
 source4/auth/kerberos/kerberos_util.c | 1 +
 2 files changed, 2 insertions(+)

(limited to 'source4/auth')

diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h
index 51b80556bf..45975f16f3 100644
--- a/source4/auth/kerberos/kerberos.h
+++ b/source4/auth/kerberos/kerberos.h
@@ -40,6 +40,7 @@ struct ccache_container {
 struct keytab_container {
 	struct smb_krb5_context *smb_krb5_context;
 	krb5_keytab keytab;
+	bool password_based;
 };
 
 /* not really ASN.1, but RFC 1964 */
diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
index 17ae99c6cd..b65a2adc5e 100644
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -378,6 +378,7 @@ krb5_error_code smb_krb5_get_keytab_container(TALLOC_CTX *mem_ctx,
 
 	(*ktc)->smb_krb5_context = talloc_reference(*ktc, smb_krb5_context);
 	(*ktc)->keytab = keytab;
+	(*ktc)->password_based = false;
 	talloc_set_destructor(*ktc, free_keytab_container);
 
 	return 0;
-- 
cgit