git.samba.org / samba.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 842b6e8) | patch
- Fix the kerberos downgrade problem:
authorAndrew Bartlett <abartlet@samba.org>
Tue, 19 Aug 2003 20:39:32 +0000 (20:39 +0000)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 19 Aug 2003 20:39:32 +0000 (20:39 +0000)
commitf0cd6b35e551cdb2acb088f52edb0746da251b73
tree6b4e672f4f5931d6c361b2023c35267d4e1cc6a1tree
parent842b6e858314c4bd791ad203b51eeb463af4110dcommit | diff
- Fix the kerberos downgrade problem:
 - When connecting to the NETOGON pipe, we make a call to auth2, in order
   to verify our identity.  This call was being made with negotiation flags
   of 0x1ff.  This caused our account to be downgraded.  If we instead make
   the call with flags > 1ff (such as 0x701ff), then this does not occour.

 - This is *not* related to the use of kerberos for the CIFS-level connection

My theory is that Win2k has a test to see if we are sending *exactly* what
NT4 sent - setting any other flags seems to cause us to remain intact.

Also ensure that we only have 'setup schannel' code in a few places, not
scattered around cmd_netlogon too.

Andrew Bartlett
(This used to be commit e10f0529fe9d8d245b3cd001cce6a9a86896679c)
source3/rpc_client/cli_netlogon.c diff | blob | history
source3/rpc_client/cli_pipe.c diff | blob | history
source3/rpcclient/cmd_netlogon.c diff | blob | history
Samba Shared Repository