s4:kdc: set *_strongest_*_key to true to restore the old behavior

TODO: check why this is needed.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jul 15 12:26:25 CEST 2011 on sn-devel-104

diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index 07234080439bb082e4ffa7df1a8556022ba596c6..7c00ea9b3fa936eb6246eb2751202e2e3f698a75 100644 (file)
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -964,6 +964,19 @@ static void kdc_task_init(struct task_server *task)
        }
        kdc->config->num_db = 1;
 
+       /*
+        * TODO: find out why this is needed in order
+        *       to let make test work.
+        *
+        *       Without this, we are getting PAC varification
+        *       failures. I guess because the PAC is not signed
+        *       with a arcfour-hmac-md5 key.
+        */
+       kdc->config->as_use_strongest_session_key = true;
+       kdc->config->preauth_use_strongest_session_key = true;
+       kdc->config->tgs_use_strongest_session_key = true;
+       kdc->config->use_strongest_server_key = true;
+
        /* Register hdb-samba4 hooks for use as a keytab */
 
        kdc->base_ctx = talloc_zero(kdc, struct samba_kdc_base_context);