goto out;
}
- if (lp_use_kerberos_keytab()) {
+ /* always check secrets first in order to prevent hitting the
+ keytab until really necessary */
+
+ auth_ok = ads_secrets_verify_ticket(context, auth_context, host_princ,
+ ticket, &packet, &tkt, &keyblock);
+
+ if (!auth_ok && lp_use_kerberos_keytab()) {
auth_ok = ads_keytab_verify_ticket(context, auth_context, ticket, &packet, &tkt, &keyblock);
}
- if (!auth_ok) {
- auth_ok = ads_secrets_verify_ticket(context, auth_context, host_princ,
- ticket, &packet, &tkt, &keyblock);
- }
release_server_mutex();
got_replay_mutex = False;
{
struct uid_sid_cache *pc;
+ /* do not store SIDs in the "Unix Group" domain */
+
+ if ( sid_check_is_in_unix_users( psid ) )
+ return;
+
if (n_uid_sid_cache >= MAX_UID_SID_CACHE_SIZE && n_uid_sid_cache > TURNOVER_UID_SID_CACHE_SIZE) {
/* Delete the last TURNOVER_UID_SID_CACHE_SIZE entries. */
struct uid_sid_cache *pc_next;
void store_gid_sid_cache(const DOM_SID *psid, gid_t gid)
{
struct gid_sid_cache *pc;
+
+ /* do not store SIDs in the "Unix Group" domain */
+
+ if ( sid_check_is_in_unix_groups( psid ) )
+ return;
if (n_gid_sid_cache >= MAX_GID_SID_CACHE_SIZE && n_gid_sid_cache > TURNOVER_GID_SID_CACHE_SIZE) {
/* Delete the last TURNOVER_GID_SID_CACHE_SIZE entries. */