From b8f4e0796d068fab6844dd94dc28d3e9825e0f55 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 26 Aug 2005 11:52:35 +0000 Subject: r9648: this fixes the krb5 based login with the pac. The key to this whole saga was that the logon_time field in the pac must match the authtime field in the ticket we gave the client in the AS-REP (and thus also the authtime field in the ticket we get back in the TGS-REQ). Many thanks to Andrew Bartlett for his patience in showing me the basic ropes of all this code! This was a joint effort. (This used to be commit 7bee374b3ffcdb0424a83f909fe5ad504ea3882e) --- source4/kdc/pac-glue.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'source4/kdc/pac-glue.c') diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c index 44326cabef..45b6776f70 100644 --- a/source4/kdc/pac-glue.c +++ b/source4/kdc/pac-glue.c @@ -26,11 +26,12 @@ #include "kdc/pac-glue.h" /* Ensure we don't get this prototype wrong, as that could be painful */ krb5_error_code samba_get_pac(krb5_context context, - struct krb5_kdc_configuration *config, - krb5_principal client, - krb5_keyblock *krbtgt_keyblock, - krb5_keyblock *server_keyblock, - krb5_data *pac) + struct krb5_kdc_configuration *config, + krb5_principal client, + krb5_keyblock *krbtgt_keyblock, + krb5_keyblock *server_keyblock, + time_t tgs_authtime, + krb5_data *pac) { krb5_error_code ret; NTSTATUS nt_status; @@ -74,6 +75,7 @@ context, krbtgt_keyblock, server_keyblock, + tgs_authtime, &tmp_blob); if (ret) { -- cgit