Alexander Bokovoy 8e931fce12 Do not fail checksums for RFC8009 types ... While Active Directory does not support yet RFC 8009 encryption and checksum types, it is possible to verify these checksums when running with both MIT Kerberos and Heimdal Kerberos. This matters for FreeIPA domain controller which uses them by default. [2023/06/16 21:51:04.923873, 10, pid=51149, effective(0, 0), real(0, 0)] ../../lib/krb5_wrap/krb5_samba.c:1496(smb_krb5_kt_open_relative) smb_krb5_open_keytab: resolving: FILE:/etc/samba/samba.keytab [2023/06/16 21:51:04.924196, 2, pid=51149, effective(0, 0), real(0, 0), class=auth] ../../auth/kerberos/kerberos_pac.c:66(check_pac_checksum) check_pac_checksum: Checksum Type 20 is not supported [2023/06/16 21:51:04.924228, 5, pid=51149, effective(0, 0), real(0, 0), class=auth] ../../auth/kerberos/kerberos_pac.c:353(kerberos_decode_pac) PAC Decode: Failed to verify the service signature: Invalid argument Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>		2024-04-08 03:00:39 +00:00
..
gssapi_helper.c	define DBGC_AUTH class	2018-01-08 03:34:17 +01:00
gssapi_helper.h	auth/kerberos: add gssapi_get_sig_size() and gssapi_{seal,unseal,sign,check}_packet() helper functions	2015-06-24 01:03:16 +02:00
gssapi_pac.c	auth: Fix code spelling	2023-03-28 09:33:31 +00:00
kerberos_pac.c	Do not fail checksums for RFC8009 types	2024-04-08 03:00:39 +00:00
pac_utils.h	auth/kerberos: add auth4_context_{for,get}_PAC_DATA_CTR() helpers	2020-02-10 16:32:36 +00:00
wscript_build	build: Remove unused dependencies	2022-11-08 02:39:37 +00:00