Alexander Bokovoy 215bb9bd48 Do not fail checksums for RFC8009 types ... While Active Directory does not support yet RFC 8009 encryption and checksum types, it is possible to verify these checksums when running with both MIT Kerberos and Heimdal Kerberos. This matters for FreeIPA domain controller which uses them by default. [2023/06/16 21:51:04.923873, 10, pid=51149, effective(0, 0), real(0, 0)] ../../lib/krb5_wrap/krb5_samba.c:1496(smb_krb5_kt_open_relative) smb_krb5_open_keytab: resolving: FILE:/etc/samba/samba.keytab [2023/06/16 21:51:04.924196, 2, pid=51149, effective(0, 0), real(0, 0), class=auth] ../../auth/kerberos/kerberos_pac.c:66(check_pac_checksum) check_pac_checksum: Checksum Type 20 is not supported [2023/06/16 21:51:04.924228, 5, pid=51149, effective(0, 0), real(0, 0), class=auth] ../../auth/kerberos/kerberos_pac.c:353(kerberos_decode_pac) PAC Decode: Failed to verify the service signature: Invalid argument BUG: https://bugzilla.samba.org/show_bug.cgi?id=15635 Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 8e931fce12) Autobuild-User(v4-20-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-20-test): Tue Apr 16 12:24:55 UTC 2024 on atb-devel-224		2024-04-16 12:24:55 +00:00
..
gssapi_helper.c	define DBGC_AUTH class	2018-01-08 03:34:17 +01:00
gssapi_helper.h	auth/kerberos: add gssapi_get_sig_size() and gssapi_{seal,unseal,sign,check}_packet() helper functions	2015-06-24 01:03:16 +02:00
gssapi_pac.c	auth: Fix code spelling	2023-03-28 09:33:31 +00:00
kerberos_pac.c	Do not fail checksums for RFC8009 types	2024-04-16 12:24:55 +00:00
pac_utils.h	auth/kerberos: add auth4_context_{for,get}_PAC_DATA_CTR() helpers	2020-02-10 16:32:36 +00:00
wscript_build	build: Remove unused dependencies	2022-11-08 02:39:37 +00:00