The branch, master has been updated
via 0438027 auth: Explain why GSS_KRB5_CRED_NO_CI_FLAGS_X is needed
from 225d701 correct sense of macro variable name in SMB2 durable open
test
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 0438027a476e56bb5664886918a982929c6add87
Author: Andreas Schneider <[email protected]>
Date: Tue Jun 23 17:39:27 2015 +0200
auth: Explain why GSS_KRB5_CRED_NO_CI_FLAGS_X is needed
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Stefan Metzmacher <[email protected]>
Autobuild-User(master): Andreas Schneider <[email protected]>
Autobuild-Date(master): Wed Jun 24 13:37:02 CEST 2015 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials_krb5.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials_krb5.c
b/auth/credentials/credentials_krb5.c
index d6aaae6..286bede 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -635,7 +635,15 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct
cli_credentials *cred,
}
#ifdef HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
- /* don't force GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG */
+ /*
+ * Don't force GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG.
+ *
+ * This allows us to disable SIGN and SEAL on a TLS connection with
+ * GSS-SPNENO. For example ldaps:// connections.
+ *
+ * https://groups.yahoo.com/neo/groups/cat-ietf/conversations/topics/575
+ * http://krbdev.mit.edu/rt/Ticket/Display.html?id=6938
+ */
maj_stat = gss_set_cred_option(&min_stat, &gcc->creds,
GSS_KRB5_CRED_NO_CI_FLAGS_X,
&empty_buffer);
--
Samba Shared Repository
