s4:auth: Export AES128 gMSA keys along with AES256 keys by default

author Jo Sutton <josutton@catalyst.net.nz>

Tue, 23 Apr 2024 01:13:20 +0000 (13:13 +1200)

committer Andrew Bartlett <abartlet@samba.org>

Wed, 24 Apr 2024 05:16:29 +0000 (05:16 +0000)
author Jo Sutton <josutton@catalyst.net.nz>
Tue, 23 Apr 2024 01:13:20 +0000 (13:13 +1200)
committer Andrew Bartlett <abartlet@samba.org>
Wed, 24 Apr 2024 05:16:29 +0000 (05:16 +0000)
diff --git a/selftest/knownfail.d/gmsa b/selftest/knownfail.d/gmsa

deleted file mode 100644 (file)

index 7a126d6..0000000
--- a/selftest/knownfail.d/gmsa
+++ /dev/null
@@ -1 +0,0 @@
-^samba.tests.dckeytab.samba.tests.dckeytab.DCKeytabTests.test_export_keytab_gmsa
diff --git a/source4/auth/kerberos/srv_keytab.c b/source4/auth/kerberos/srv_keytab.c

index 4d5306d9002c3cd90f01b747150e1fd208699251..a2f0d172e024d54ca91cb2d8b441b75c2636938e 100644 (file)
--- a/source4/auth/kerberos/srv_keytab.c
+++ b/source4/auth/kerberos/srv_keytab.c
@@ -350,7 +350,7 @@ NTSTATUS smb_krb5_fill_keytab_gmsa_keys(TALLOC_CTX *mem_ctx,
  
         supported_enctypes = ldb_msg_find_attr_as_uint(msg,
                                                        "msDS-SupportedEncryptionTypes",
-                                                      ENC_HMAC_SHA1_96_AES256);
+                                                      ENC_STRONG_SALTED_TYPES);
         /*
          * We trim this down to just the salted AES types, as the
          * passwords are now wrong for rc4-hmac due to the mapping of
author	Jo Sutton <josutton@catalyst.net.nz>
	Tue, 23 Apr 2024 01:13:20 +0000 (13:13 +1200)
committer	Andrew Bartlett <abartlet@samba.org>
	Wed, 24 Apr 2024 05:16:29 +0000 (05:16 +0000)
selftest/knownfail.d/gmsa	[deleted file]	patch \| blob \| history
source4/auth/kerberos/srv_keytab.c		patch \| blob \| history