From 89a074b784295204aa8d7dd585bf3533ac7971a7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 30 Jun 2009 12:11:14 +1000 Subject: s4:heimdal Allow KRB5_NT_ENTERPRISE names in all DB lookups The previous code only allowed an KRB5_NT_ENTERPRISE name (an e-mail list user principal name) in an AS-REQ. Evidence from the wild (Win2k8 reportadely) indicates that this is instead valid for all types of requests. While this is now handled in heimdal/kdc/misc.c, a flag is now defined in Heimdal's hdb so that we can take over this handling in future (once we start using a system Heimdal, and if we find out there is more to be done here). Andrew Bartlett --- source4/kdc/hdb-samba4.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/kdc/hdb-samba4.c') diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c index 367eee5f14..7d731ab13d 100644 --- a/source4/kdc/hdb-samba4.c +++ b/source4/kdc/hdb-samba4.c @@ -1425,6 +1425,7 @@ NTSTATUS kdc_hdb_samba4_create(TALLOC_CTX *mem_ctx, (*db)->hdb_master_key_set = 0; (*db)->hdb_db = NULL; + (*db)->hdb_capability_flags = 0; nt_status = auth_system_session_info(*db, lp_ctx, &session_info); if (!NT_STATUS_IS_OK(nt_status)) { -- cgit