git.samba.org - kai/samba-autobuild/.git/commit

author	Dan Sledz <dsledz@isilon.com>
	Fri, 16 Jan 2009 01:02:41 +0000 (17:02 -0800)
committer	Steven Danneman <steven.danneman@isilon.com>
	Mon, 2 Feb 2009 04:23:31 +0000 (20:23 -0800)
commit	d96248a9b46559552f53b0ecd3861387ea7ff050
tree	e7d5f3d00f0831d1cb2c4315cd2fa7e1de6abaf6	tree
parent	d75b3913c9e03ff97336aa7a6e1cbac2eb03f230	commit \| diff

Add two new parameters to control how we verify kerberos tickets. Removes lp_use_kerberos_keytab parameter.

The first is "kerberos method" and replaces the "use kerberos keytab"
with an enum. Valid options are:
secrets only - use only the secrets for ticket verification (default)
system keytab - use only the system keytab for ticket verification
dedicated keytab - use a dedicated keytab for ticket verification.
secrets and keytab - use the secrets.tdb first, then the system keytab

For existing installs:
"use kerberos keytab = yes" corresponds to secrets and keytab
"use kerberos keytab = no" corresponds to secrets only

The major difference between "system keytab" and "dedicated keytab" is
that the latter method relies on kerberos to find the correct keytab
entry instead of filtering based on expected principals.

The second parameter is "dedicated keytab file", which is the keytab
to use when in "dedicated keytab" mode. This keytab is only used in
ads_verify_ticket.

source3/include/includes.h		diff \| blob \| history
source3/include/proto.h		diff \| blob \| history
source3/libads/kerberos_verify.c		diff \| blob \| history
source3/libnet/libnet_join.c		diff \| blob \| history
source3/param/loadparm.c		diff \| blob \| history
source3/rpc_server/srv_pipe.c		diff \| blob \| history
source3/smbd/negprot.c		diff \| blob \| history
source3/smbd/sesssetup.c		diff \| blob \| history
source3/utils/net_ads.c		diff \| blob \| history
source3/winbindd/winbindd_dual.c		diff \| blob \| history