kclient.sh
============
- ((val=val+1+2))
- enctypes[${#enctyp...@]}]=des-cbc-crc
+ ((val=val+2))
enctypes[${#enctyp...@]}]=des-cbc-md5
Why is des-cbc-crc enctypes not needed any more?
----------------------
+ printf "%s" $newpw | $KSETPW -n -s $salt -v $kvno -k "$new_keytab"
"${ar...@]}" HOST/${fq...@${realm} > /dev/null 2>&1
+ if [[ $? -ne 0 ]]
+ then
+ printf "$(gettext "Failed to set account password").\n"
+ error_message
+ fi
+
This is a workaround for the following CR:
6824434 P3 kerberosv5_b/applications Unable to accept context
establishment initiated by Windows 2000 clients
If your team plans to fix the above CR by modifying mech_krb5 to perform
case-insensitive lookup in the near future, it'd be better not to push
this workaround along with the fixes for 6405422 & 6817447.
-----------------------
+servicePrincipalName: cifs/${fqdn}
+ printf "%s" $newpw | $KSETPW -n -s $salt -v $kvno -k "$new_keytab"
"${ar...@]}" cifs/${fq...@${realm} > /dev/null 2>&1
+ if [[ $? -ne 0 ]]
+ then
printf "$(gettext "Failed to set account password").\n"
error_message
fi
I'd like the CIFS SPN to be introduced by both kclient and smbadm at the
same time ... probably at the time I putback the extended security work
for the CIFS project. What's your thought on this?
BTW, I've already fixed the key salt generation for smbadm CLI and the
fix will be put back as part of:
CR 6791210 P3 utility/cifs Kerberos user authentication
Thanks,
Natalie
Shawn M Emery wrote:
>
> Was needing code reviews for the following CRs:
>
> 6405422 Solaris acceptors fail in AD-KDC environments when using
> non-"host" services...
> 6817447 libgss and various mechs are hiding both the real minor_status
> and the error token
>
> Webrev:
> http://cr.opensolaris.org/~semery/cifs
>
> Thanks,
>
> Shawn.
> --
> _______________________________________________
> kerberos-discuss mailing list
> kerberos-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/kerberos-discuss
