mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
HEIMDAL:kdc: make it possible to disable the principal based referral detection
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
This commit is contained in:
parent
b8bca7d08f
commit
209886e95c
@ -55,6 +55,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
|
||||
c->preauth_use_strongest_session_key = FALSE;
|
||||
c->tgs_use_strongest_session_key = FALSE;
|
||||
c->use_strongest_server_key = TRUE;
|
||||
c->autodetect_referrals = TRUE;
|
||||
c->check_ticket_addresses = TRUE;
|
||||
c->allow_null_ticket_addresses = TRUE;
|
||||
c->allow_anonymous = FALSE;
|
||||
|
@ -69,6 +69,8 @@ typedef struct krb5_kdc_configuration {
|
||||
krb5_boolean allow_anonymous;
|
||||
enum krb5_kdc_trpolicy trpolicy;
|
||||
|
||||
krb5_boolean autodetect_referrals;
|
||||
|
||||
krb5_boolean enable_pkinit;
|
||||
krb5_boolean pkinit_princ_in_cert;
|
||||
const char *pkinit_kdc_identity;
|
||||
|
@ -1660,7 +1660,9 @@ server_lookup:
|
||||
Realm req_rlm;
|
||||
krb5_realm *realms;
|
||||
|
||||
if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) {
|
||||
if (!config->autodetect_referrals) {
|
||||
/* noop */
|
||||
} else if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) {
|
||||
if(nloop++ < 2) {
|
||||
new_rlm = find_rpath(context, tgt->crealm, req_rlm);
|
||||
if(new_rlm) {
|
||||
|
Loading…
Reference in New Issue
Block a user