mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
215bb9bd48
While Active Directory does not support yet RFC 8009 encryption and
checksum types, it is possible to verify these checksums when running
with both MIT Kerberos and Heimdal Kerberos. This matters for FreeIPA
domain controller which uses them by default.
[2023/06/16 21:51:04.923873, 10, pid=51149, effective(0, 0), real(0, 0)]
../../lib/krb5_wrap/krb5_samba.c:1496(smb_krb5_kt_open_relative)
smb_krb5_open_keytab: resolving: FILE:/etc/samba/samba.keytab
[2023/06/16 21:51:04.924196, 2, pid=51149, effective(0, 0), real(0, 0),
class=auth] ../../auth/kerberos/kerberos_pac.c:66(check_pac_checksum)
check_pac_checksum: Checksum Type 20 is not supported
[2023/06/16 21:51:04.924228, 5, pid=51149, effective(0, 0), real(0, 0),
class=auth] ../../auth/kerberos/kerberos_pac.c:353(kerberos_decode_pac)
PAC Decode: Failed to verify the service signature: Invalid argument
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15635
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| enctype_convert.c | ||
| gss_samba.c | ||
| gss_samba.h | ||
| keytab_util.c | ||
| krb5_errs.c | ||
| krb5_samba.c | ||
| krb5_samba.h | ||
| wscript_build | ||
| wscript_configure | ||