r20403: Cleaning out my Samba 3.0 tree:

As discussed with jerry at the CIFS conf: overriding the
administrator's wishes from the krb5.conf has only every given me
segfaults.  We suggest leaving this up to the defaults from the
libraries anyway.

Andrew Bartlett

source/libads/sasl.c

@@ -42,7 +42,6 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
 	if (!NT_STATUS_IS_OK(nt_status = ntlmssp_client_start(&ntlmssp_state))) {
 		return ADS_ERROR_NT(nt_status);
 	}
-	ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN;
 
 	if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, ads->auth.user_name))) {
 		return ADS_ERROR_NT(nt_status);
@@ -283,12 +282,6 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
 	ADS_STATUS status;
 	krb5_principal principal;
 	krb5_context ctx = NULL;
-	krb5_enctype enc_types[] = {
-#ifdef ENCTYPE_ARCFOUR_HMAC
-			ENCTYPE_ARCFOUR_HMAC,
-#endif
-			ENCTYPE_DES_CBC_MD5,
-			ENCTYPE_NULL};
 	gss_OID_desc nt_principal = 
 	{10, CONST_DISCARD(char *, "\052\206\110\206\367\022\001\002\002\002")};
 
@@ -301,10 +294,6 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
 	if (!ADS_ERR_OK(status)) {
 		return status;
 	}
-	status = ADS_ERROR_KRB5(krb5_set_default_tgs_ktypes(ctx, enc_types));
-	if (!ADS_ERR_OK(status)) {
-		return status;
-	}
 	status = ADS_ERROR_KRB5(smb_krb5_parse_name(ctx, sname, &principal));
 	if (!ADS_ERR_OK(status)) {
 		return status;

source/libsmb/clikrb5.c

@@ -130,35 +130,6 @@ static krb5_error_code smb_krb5_parse_name_norealm_conv(krb5_context context,
 }
 #endif
 
-#if !defined(HAVE_KRB5_SET_DEFAULT_TGS_KTYPES)
-
-#if defined(HAVE_KRB5_SET_DEFAULT_TGS_ENCTYPES)
-
-/* With MIT kerberos, we should use krb5_set_default_tgs_enctypes in preference
- * to krb5_set_default_tgs_ktypes. See
- *         http://lists.samba.org/archive/samba-technical/2006-July/048271.html
- *
- * If the MIT libraries are not exporting internal symbols, we will end up in
- * this branch, which is correct. Otherwise we will continue to use the
- * internal symbol
- */
- krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc)
-{
-    return krb5_set_default_tgs_enctypes(ctx, enc);
-}
-
-#elif defined(HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES)
-
-/* Heimdal */
- krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc)
-{
-	return krb5_set_default_in_tkt_etypes(ctx, enc);
-}
-
-#endif /* HAVE_KRB5_SET_DEFAULT_TGS_ENCTYPES */
-
-#endif /* HAVE_KRB5_SET_DEFAULT_TGS_KTYPES */
-
 #if defined(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS)
 /* HEIMDAL */
  void setup_kaddr( krb5_address *pkaddr, struct sockaddr *paddr)
@@ -641,13 +612,6 @@ int cli_krb5_get_ticket(const char *principal, time_t time_offset,
 	krb5_context context = NULL;
 	krb5_ccache ccdef = NULL;
 	krb5_auth_context auth_context = NULL;
-	krb5_enctype enc_types[] = {
-#ifdef ENCTYPE_ARCFOUR_HMAC
-		ENCTYPE_ARCFOUR_HMAC,
-#endif 
-		ENCTYPE_DES_CBC_MD5, 
-		ENCTYPE_DES_CBC_CRC, 
-		ENCTYPE_NULL};
 
 	initialize_krb5_error_table();
 	retval = krb5_init_context(&context);
@@ -668,12 +632,6 @@ int cli_krb5_get_ticket(const char *principal, time_t time_offset,
 		goto failed;
 	}
 
-	if ((retval = krb5_set_default_tgs_ktypes(context, enc_types))) {
-		DEBUG(1,("cli_krb5_get_ticket: krb5_set_default_tgs_ktypes failed (%s)\n",
-			 error_message(retval)));
-		goto failed;
-	}
-
 	if ((retval = ads_krb5_mk_req(context, 
 					&auth_context, 
 					AP_OPTS_USE_SUBKEY | (krb5_flags)extra_ap_opts,