sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-27 22:50:26 +03:00
Code

Only add WBFLAG_PAM_CONTACT_TRUSTDOM when performing a krb5 auth request.

Browse Source 
NTLM logons must go against our DC.
(This used to be commit 2e24f7c0243c67a00102c11258cfa6f61caf499f)
This commit is contained in:
Gerald W. Carter 2008-03-27 11:57:26 -05:00
parent 9c169e9e42
commit 0a4f742f0a
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
source3/nsswitch/pam_winbind.c
View File

@ -1200,9 +1200,13 @@ static int winbind_auth_request(pam_handle_t * pamh,
request.data.auth.krb5_cc_type[0] = '\0';
request.data.auth.uid = -1;
request.flags = WBFLAG_PAM_INFO3_TEXT |
WBFLAG_PAM_GET_PWD_POLICY |
WBFLAG_PAM_CONTACT_TRUSTDOM;
request.flags = WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_GET_PWD_POLICY;
/* Krb5 auth always has to go against the KDC of the user's realm */
if (ctrl & WINBIND_KRB5_AUTH) {
request.flags |= WBFLAG_PAM_CONTACT_TRUSTDOM;
}
if (ctrl & (WINBIND_KRB5_AUTH|WINBIND_CACHED_LOGIN)) {
struct passwd *pwd = NULL;