From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 14 Jul 2011 19:02:20 +0000 (+0200)
Subject: s4:kdc: set *_strongest_*_key to true to restore the old behavior
X-Git-Url: http://git.samba.org/?p=metze%2Fsamba%2Fwip.git;a=commitdiff_plain;h=7acc1a7a2f56627a2f5e4eed2fbfb14a16ecd649

s4:kdc: set *_strongest_*_key to true to restore the old behavior

TODO: check why this is needed.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jul 15 12:26:25 CEST 2011 on sn-devel-104
---

diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index 07234080439b..7c00ea9b3fa9 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -964,6 +964,19 @@ static void kdc_task_init(struct task_server *task)
 	}
 	kdc->config->num_db = 1;
 
+	/*
+	 * TODO: find out why this is needed in order
+	 *       to let make test work.
+	 *
+	 *       Without this, we are getting PAC varification
+	 *       failures. I guess because the PAC is not signed
+	 *       with a arcfour-hmac-md5 key.
+	 */
+	kdc->config->as_use_strongest_session_key = true;
+	kdc->config->preauth_use_strongest_session_key = true;
+	kdc->config->tgs_use_strongest_session_key = true;
+	kdc->config->use_strongest_server_key = true;
+
 	/* Register hdb-samba4 hooks for use as a keytab */
 
 	kdc->base_ctx = talloc_zero(kdc, struct samba_kdc_base_context);