s3:libads: move ads->auth.time_offset to ads->config.time_offset
author Stefan Metzmacher <metze@samba.org>
Tue, 27 Feb 2024 12:49:08 +0000 (13:49 +0100)
committer Stefan Metzmacher <metze@samba.org>
Tue, 14 May 2024 10:18:31 +0000 (10:18 +0000)
commit bac243442a6ce812a4dcce0168b7d6d9ba0a17fc
tree 9bfd7000826d06010cc792cf2180e8a7021b1c49
parent ea97abd545ec13a161b7082cae10f0012f11e8e6
s3:libads: move ads->auth.time_offset to ads->config.time_offset

There's no reason to pass the LDAP server's time to the kerberos
libraries, as we may talk to a KDC different than the LDAP server!

Also Heimdal handles AS-REQ with KRB5KRB_AP_ERR_SKEW fine and
retries with the time from the krb-error.
MIT records the time from the KDC_ERR_PREAUTH_REQUIRED response
in order to use the KDC's time.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
source3/libads/kerberos_util.c
source3/libads/ldap.c
source3/libads/util.c
source3/librpc/idl/ads.idl
source3/utils/net_ads.c
source3/winbindd/winbindd_pam.c