git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a41efe6)
s4:auth/credentials: S4U2Self should force CRED_MUST_USE_KERBEROS
authorStefan Metzmacher <metze@samba.org>
Thu, 28 Apr 2011 15:10:03 +0000 (17:10 +0200)
committerStefan Metzmacher <metze@samba.org>
Wed, 18 May 2011 05:46:41 +0000 (07:46 +0200)
Otherwise we would not impersonate the desired principal.
This still doesn't work for plaintext auth, but should
avoid ntlmssp.

metze

source4/auth/credentials/credentials_krb5.c patch | blob | history

diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index 5883282c2501f9a8b1284a45648852f33ed0b9f5..bfba1679f74671e043d6007dc4854b5f7b1fd9be 100644 (file)
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -813,6 +813,7 @@ _PUBLIC_ void cli_credentials_set_impersonate_principal(struct cli_credentials *
        cred->impersonate_principal = talloc_strdup(cred, principal);
        talloc_free(cred->self_service);
        cred->self_service = talloc_strdup(cred, self_service);
+       cli_credentials_set_kerberos_state(cred, CRED_MUST_USE_KERBEROS);
 }
 
 /*
Samba Shared Repository