IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Thanks to Hongwei Sun for the clear description of the algorithim
involved. Importantly, it isn't possible to remove encryption types
from the list, only to add them over the defaults (DES and
arcfour-hmac-md5, and additional AES for DCs and RODCs).
This changes the behaviour for entries with
msDS-supportedEncryptionTypes: 0, which Angelos Oikonomopoulos
reported finding set by ADUC when attempting to store cleartext
passwords.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Nov 16 21:24:43 UTC 2010 on sn-devel-104
This is exactly what's needed there.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Nov 16 08:42:07 UTC 2010 on sn-devel-104
this fixes some timing issues, plus ensures we test both with and
without kerberos
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Nov 16 07:58:55 UTC 2010 on sn-devel-104
The KDC sets different flags for the AS-REQ (this is client-depenent)
and the TGS-REQ to determine if the realm should be forced to the
canonical value. If we do this always, or do this never, we get into
trouble, so it's much better to honour the flags we are given.
Andrew Bartlett
if you use --git-local-changes then the version number that waf
extracts from git will have a '+' on the end if you have local
changes, as determined by running 'git diff'.
This used to be the default, but unfortunately it is far too slow on
some systems. On a NFS build system I was using the first line of
configure took about 2 minutes.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Nov 16 01:51:54 UTC 2010 on sn-devel-104
We should never get a cross-realm ticket that was not issued by a full
DC, but if someone claims to have such a thing, reject it rather than
segfaulting on the NULL client pointer.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Nov 15 23:59:34 UTC 2010 on sn-devel-104
The PAC was being regenerated on all normal DCs, because they don't
have a msDS-SecondaryKrbTgtNumber attribute. Instead we need to check
if it's set and not equal to our RODC number, allowing RODCs to trust
the full DCs and itself, but not other RODCs.
Andrew Bartlett
By checking the client principal here, we compare the realm based on
the normalised realm, but do so early enough to validate the PAC (and
regenerate it if required).
Andrew Bartlett
This provides a script that allows testing of most of the steps of the
Samba4 HOWTO. The big difference between this and 'make test' is that
it test against windows, using pexpect to control windows boxes via
telnet.
The info about VMs and other parameters are in separate conf
files. I've included a sample config file that I use on my laptop.
typo spotted by Michael Wood
Signed-off-by: Kai Blin <kai@samba.org>
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Mon Nov 15 21:44:39 UTC 2010 on sn-devel-104
the fancier cmd_output() broke git versioning
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 15 11:33:41 UTC 2010 on sn-devel-104
Samba4 may modify the case of the realm in a returned entry, but will no longer modify the case of the prinicipal components.
The easy way to keep this test passing is to consider also what we
need to do to get the krbtgt account for the PAC signing - and to use
krbtgt/<this>/@REALM component to fetch the real krbtgt, and to use
that resutl for realm comparion.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Nov 15 08:47:44 UTC 2010 on sn-devel-104
