IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Older MIT Kerberos libraries will add any secondary ipv6 address as
ipv4 address, defining the (default) krb5 port 88 circumvents that.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Apr 4 16:33:12 CEST 2014 on sn-devel-104
Just calling print_canonical_sockaddr() is sufficient, as it already deals with
ipv6 as well. The port handling, which was only done for IPv6 (not IPv4), is
removed as well. It was pointless because it always derived the port number from
the provided address which was either a SMB (usually port 445) or LDAP
connection. No KDC will ever run on port 389 or 445 on a Windows/Samba DC.
Finally, the kerberos libraries that we support and build with, can deal with
ipv6 addresses in krb5.conf, so we no longer put the (unnecessary) burden of
resolving the DC name on the kerberos library anymore.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Aug 5 12:24:44 CEST 2013 on sn-devel-104
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Mar 6 01:16:34 CET 2013 on sn-devel-104
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov 5 03:33:32 CET 2012 on sn-devel-104
This is now used in the GSE GSSAPI client, so that when we connect to
a target server at the CIFS level, we use the same name to connect
at the DCE/RPC level.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Some Kerberos libraries don't do proper failover. This fixes the situation
where a KDC exists in DNS but is not reachable for some reason.
Ported to master by Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Oct 17 11:25:37 CEST 2011 on sn-devel-104
No code change except for an early "return talloc_asprintf(..)" making an else
branch obsolete.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Sep 26 18:24:25 CEST 2011 on sn-devel-104
There is no reason this can't be a normal constant string in the
loadparm system, now that we have lp_set_cmdline() to handle overrides
correctly.
Andrew Bartlett
Currently no krb5 lib supports "kdc = ipv6 address" at all, so for now just fill
in just the kdc_name if we have it and let the krb5 lib figure out the
appropriate ipv6 address
ipv6 gurus, please check.
Guenther
Passing NULL as dest_realm for cli_session_setup_spnego() was
always using our own realm (as for a NetBIOS name). Change this
to look for the mapped realm using krb5_get_host_realm() if
the destination machine name is a DNS name (contains a '.').
Could get fancier with DNS name detection (length, etc.) but
this will do for now.
Jeremy.
This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of
transitive AD trusts. The workaround is to add a [capaths] directive to
/etc/krb5.conf, which we don't automatically put into the krb5.conf winbind
creates.
The alternative would have been something like a "krb5 conf include", but I
think if someone has to mess with /etc/krb5.conf at this level, it should be
easy to add the site-local KDCs as well.
Next alternative is to correctly figure out the [capaths] parameter for all
trusted domains, but for that I don't have the time right now. Sorry :-)
