The branch, v3-2-test has been updated
via 8039a2518caae54bc876368c73ec493f3cd4eb73 (commit)
from 3959b1954b02405ec174497fa17e345ca6d5ee94 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit 8039a2518caae54bc876368c73ec493f3cd4eb73
Author: Gerald W. Carter <[EMAIL PROTECTED]>
Date: Mon Jan 28 11:32:09 2008 -0600
Restrict the enctypes in the generated krb5.conf files to Win2003 types.
This fixes the failure observed on FC8 when joining a Windows 2008 RC1
domain. We currently do not handle user session keys correctly
when the KDC uses AES in the ticket replies.
-----------------------------------------------------------------------
Summary of changes:
source/libads/kerberos.c | 12 ++++++++----
1 files changed, 8 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/libads/kerberos.c b/source/libads/kerberos.c
index b995250..d47e8a3 100644
--- a/source/libads/kerberos.c
+++ b/source/libads/kerberos.c
@@ -865,10 +865,14 @@ bool create_local_private_krb5_conf_for_domain(const char
*realm,
return False;
}
- file_contents = talloc_asprintf(fname, "[libdefaults]\n\tdefault_realm
= %s\n\n"
- "[realms]\n\t%s = {\n"
- "\t%s\t}\n",
- realm_upper, realm_upper, kdc_ip_string);
+ file_contents = talloc_asprintf(fname,
+ "[libdefaults]\n\tdefault_realm = %s\n"
+ "default_tgs_enctypes = RC4-HMAC
DES-CBC-CRC DES-CBC-MD5\n"
+ "default_tkt_enctypes = RC4-HMAC
DES-CBC-CRC DES-CBC-MD5\n"
+ "preferred_enctypes = RC4-HMAC
DES-CBC-CRC DES-CBC-MD5\n\n"
+ "[realms]\n\t%s = {\n"
+ "\t%s\t}\n",
+ realm_upper, realm_upper,
kdc_ip_string);
if (!file_contents) {
TALLOC_FREE(dname);
--
Samba Shared Repository
