1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/auth/kerberos
Alexander Bokovoy 8e931fce12 Do not fail checksums for RFC8009 types
While Active Directory does not support yet RFC 8009 encryption and
checksum types, it is possible to verify these checksums when running
with both MIT Kerberos and Heimdal Kerberos. This matters for FreeIPA
domain controller which uses them by default.

[2023/06/16 21:51:04.923873, 10, pid=51149, effective(0, 0), real(0, 0)]
../../lib/krb5_wrap/krb5_samba.c:1496(smb_krb5_kt_open_relative)
  smb_krb5_open_keytab: resolving: FILE:/etc/samba/samba.keytab
[2023/06/16 21:51:04.924196,  2, pid=51149, effective(0, 0), real(0, 0),
class=auth] ../../auth/kerberos/kerberos_pac.c:66(check_pac_checksum)
  check_pac_checksum: Checksum Type 20 is not supported
[2023/06/16 21:51:04.924228,  5, pid=51149, effective(0, 0), real(0, 0),
class=auth] ../../auth/kerberos/kerberos_pac.c:353(kerberos_decode_pac)
  PAC Decode: Failed to verify the service signature: Invalid argument

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-08 03:00:39 +00:00
..
gssapi_helper.c define DBGC_AUTH class 2018-01-08 03:34:17 +01:00
gssapi_helper.h
gssapi_pac.c auth: Fix code spelling 2023-03-28 09:33:31 +00:00
kerberos_pac.c Do not fail checksums for RFC8009 types 2024-04-08 03:00:39 +00:00
pac_utils.h auth/kerberos: add auth4_context_{for,get}_PAC_DATA_CTR() helpers 2020-02-10 16:32:36 +00:00
wscript_build build: Remove unused dependencies 2022-11-08 02:39:37 +00:00