r17972: revert accidental commit to ads_verify_ticket()

author Gerald Carter <jerry@samba.org>

Thu, 31 Aug 2006 18:33:50 +0000 (18:33 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 16:39:44 +0000 (11:39 -0500)
author Gerald Carter <jerry@samba.org>
Thu, 31 Aug 2006 18:33:50 +0000 (18:33 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 16:39:44 +0000 (11:39 -0500)
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c

index cff007db47650f4d84c28f927fbbda89caf064de..3aa0860809d39692ab612483107d83d7e9ccffc3 100644 (file)
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -376,15 +376,13 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
                 goto out;
         }
  
-       /* always check secrets first in order to prevent hitting the 
-          keytab until really necessary */
-
-       auth_ok = ads_secrets_verify_ticket(context, auth_context, host_princ,
-                                           ticket, &packet, &tkt, &keyblock);
-
-       if (!auth_ok && lp_use_kerberos_keytab()) {
+       if (lp_use_kerberos_keytab()) {
                 auth_ok = ads_keytab_verify_ticket(context, auth_context, ticket, &packet, &tkt, &keyblock);
         }
+       if (!auth_ok) {
+               auth_ok = ads_secrets_verify_ticket(context, auth_context, host_princ,
+                                                   ticket, &packet, &tkt, &keyblock);
+       }
  
         release_server_mutex();
         got_replay_mutex = False;
author	Gerald Carter <jerry@samba.org>
	Thu, 31 Aug 2006 18:33:50 +0000 (18:33 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 16:39:44 +0000 (11:39 -0500)