The branch, master has been updated via 8d159e9 s4:kdc: restore the behavior before the last heimdal import from 481f05c s3-gse Work around the MIT 1.9 gss_krb5_import_cred
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 8d159e9de108f2ccd107676a68802d90b95e5e7a Author: Stefan Metzmacher <me...@samba.org> Date: Wed Jul 20 10:22:10 2011 +0200 s4:kdc: restore the behavior before the last heimdal import metze Autobuild-User: Stefan Metzmacher <me...@samba.org> Autobuild-Date: Wed Jul 20 12:12:38 CEST 2011 on sn-devel-104 ----------------------------------------------------------------------- Summary of changes: source4/kdc/kdc.c | 24 ++++++++++++++++-------- 1 files changed, 16 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index 7c00ea9..4e1e27c 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c @@ -965,16 +965,24 @@ static void kdc_task_init(struct task_server *task) kdc->config->num_db = 1; /* - * TODO: find out why this is needed in order - * to let make test work. + * This restores the behavior before + * commit 255e3e18e00f717d99f3bc57c8a8895ff624f3c3 + * s4:heimdal: import lorikeet-heimdal-201107150856 + * (commit 48936803fae4a2fb362c79365d31f420c917b85b) * - * Without this, we are getting PAC varification - * failures. I guess because the PAC is not signed - * with a arcfour-hmac-md5 key. + * as_use_strongest_session_key,preauth_use_strongest_session_key + * and tgs_use_strongest_session_key are input to the + * _kdc_find_etype() function. The old bahavior is in + * the use_strongest_session_key=FALSE code path. + * (The only remaining difference in _kdc_find_etype() + * is the is_preauth parameter.) + * + * The old behavior in the _kdc_get_preferred_key() + * function is use_strongest_server_key=TRUE. */ - kdc->config->as_use_strongest_session_key = true; - kdc->config->preauth_use_strongest_session_key = true; - kdc->config->tgs_use_strongest_session_key = true; + kdc->config->as_use_strongest_session_key = false; + kdc->config->preauth_use_strongest_session_key = false; + kdc->config->tgs_use_strongest_session_key = false; kdc->config->use_strongest_server_key = true; /* Register hdb-samba4 hooks for use as a keytab */ -- Samba Shared Repository