Otherwise, really simple clients (such as the current ntlm_auth gss-spnego client)
will not select krb5.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
gensec_init();
- gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
-
+ /* These need to be in priority order, krb5 before NTLMSSP */
#if defined(HAVE_KRB5)
gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops;
#endif
+ gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
+
gensec_settings->backends[idx++] = gensec_security_by_oid(NULL,
GENSEC_OID_SPNEGO);
return NT_STATUS_NO_MEMORY;
}
- gensec_settings->backends[idx++] = &gensec_ntlmssp3_client_ops;
+ gensec_init();
+ /* These need to be in priority order, krb5 before NTLMSSP */
#if defined(HAVE_KRB5)
gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops;
#endif
- gensec_init();
+ gensec_settings->backends[idx++] = &gensec_ntlmssp3_client_ops;
+
gensec_settings->backends[idx++] = gensec_security_by_oid(NULL,
GENSEC_OID_SPNEGO);
gensec_init();
- gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
-
+ /* These need to be in priority order, krb5 before NTLMSSP */
#if defined(HAVE_KRB5)
gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops;
#endif
+ gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
+
gensec_settings->backends[idx++] = gensec_security_by_oid(NULL,
GENSEC_OID_SPNEGO);