sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-26 21:57:41 +03:00
Code

auth/credentials: explain why we need to the enctypes for the gssapi layer

Browse Source 
metze
(This used to be commit 88970c4d4192635544cf63e79e929e9bb05ecb5f)
This commit is contained in:
Stefan Metzmacher 2008-07-28 09:29:42 +02:00
parent 72d2bea916
commit 0299edbc02
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
source4/auth/credentials/credentials_krb5.c
View File

@ -392,7 +392,17 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
return ret;
}
/* transfer the enctypes from the smb_krb5_context to the gssapi layer */
/*
* transfer the enctypes from the smb_krb5_context to the gssapi layer
*
* We use 'our' smb_krb5_context to do the AS-REQ and it is possible
* to configure the enctypes via the krb5.conf.
*
* And the gss_init_sec_context() creates it's own krb5_context and
* the TGS-REQ had all enctypes in it and only the ones configured
* and used for the AS-REQ, so it wasn't possible to disable the usage
* of AES keys.
*/
min_stat = krb5_get_default_in_tkt_etypes(ccache->smb_krb5_context->krb5_context,
&etypes);
if (min_stat == 0) {