sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-11 16:58:40 +03:00
Code

heimdal: honor conf enctypes when obtaining a service ticket

Browse Source 
This patch removes part of what's categorized in the code as
"hideous glue", which causes Heimdal to ignore krb5.conf
encryption types, and instead use either the application-
supplied values or the default compile-time values.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
Uri Simchoni 2016-07-04 09:50:33 +03:00 committed by Jeremy Allison
parent 3fff2667ec
commit 1f90983324
1 changed files with 4 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
source4/heimdal/lib/gssapi/krb5/init_sec_context.c
View File

@ -427,15 +427,12 @@ init_auth
/*
* This is hideous glue for (NFS) clients that wants to limit the
* available enctypes to what it can support (encryption in
* kernel). If there is no enctypes selected for this credential,
* reset it to the default set of enctypes.
* kernel).
*/
{
krb5_enctype *enctypes = NULL;
if (cred && cred->enctypes)
enctypes = cred->enctypes;
krb5_set_default_in_tkt_etypes(context, enctypes);
if (cred && cred->enctypes) {
krb5_set_default_in_tkt_etypes(context, cred->enctypes);
}
}
/* canon name if needed for client + target realm */