r19628: This hint via Love at the IETF meeting:

Larry told me that most context flags needed to be set to, otherwise
it wouldn't work.

This fixes DCE_STYLE against Win2k3 SP1.  It seems they just tightened
up their end of the GSSAPI code, as DCE_STYLE is explicity rejected in
the session setup too (being the wrong layer).

Andrew Bartlett

diff --git a/source/auth/gensec/gensec_gssapi.c b/source/auth/gensec/gensec_gssapi.c
index 136962d89237129538f1da5865767de643d91fad..39d90546f68a606bb6d09d1746b719bb652b3fac 100644 (file)
--- a/source/auth/gensec/gensec_gssapi.c
+++ b/source/auth/gensec/gensec_gssapi.c
@@ -164,6 +164,9 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
        if (lp_parm_bool(-1, "gensec_gssapi", "delegation", True)) {
                gensec_gssapi_state->want_flags |= GSS_C_DELEG_FLAG;
        }
+       if (lp_parm_bool(-1, "gensec_gssapi", "replay", True)) {
+               gensec_gssapi_state->want_flags |= GSS_C_REPLAY_FLAG;
+       }
        if (lp_parm_bool(-1, "gensec_gssapi", "sequence", True)) {
                gensec_gssapi_state->want_flags |= GSS_C_SEQUENCE_FLAG;
        }