s4:auth/kerberos: activate windows related krb5 flags

author Stefan Metzmacher <metze@samba.org>

Sun, 24 Jul 2011 20:02:21 +0000 (22:02 +0200)

committer Stefan Metzmacher <metze@samba.org>

Mon, 25 Jul 2011 07:45:01 +0000 (09:45 +0200)
author Stefan Metzmacher <metze@samba.org>
Sun, 24 Jul 2011 20:02:21 +0000 (22:02 +0200)
committer Stefan Metzmacher <metze@samba.org>
Mon, 25 Jul 2011 07:45:01 +0000 (09:45 +0200)
diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c

index 9a48e95c6d2df2632d2a741a585855034cd668c5..c255e6605ac954fe8c29b24e513db72f3e12a717 100644 (file)
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -394,6 +394,16 @@ krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx,
                 break;
         }
  
+       /*
+        * In order to work against windows KDCs even if we use
+        * the netbios domain name as realm, we need to add the following
+        * flags:
+        * KRB5_INIT_CREDS_NO_C_CANON_CHECK;
+        * KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK;
+        */
+       krb5_get_init_creds_opt_set_win2k(smb_krb5_context->krb5_context,
+                                         krb_options, true);
+
         tries = 2;
         while (tries--) {
                 struct tevent_context *previous_ev;
author	Stefan Metzmacher <metze@samba.org>
	Sun, 24 Jul 2011 20:02:21 +0000 (22:02 +0200)
committer	Stefan Metzmacher <metze@samba.org>
	Mon, 25 Jul 2011 07:45:01 +0000 (09:45 +0200)