git.samba.org
/
tprouty
/
samba.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
edbeea5
)
r22901: When an AD account has UF_DONT_REQUIRE_PREAUTH set we need to fallback to...
author
Günther Deschner
<gd@samba.org>
Tue, 15 May 2007 13:42:53 +0000
(13:42 +0000)
committer
Gerald (Jerry) Carter
<jerry@samba.org>
Wed, 10 Oct 2007 17:22:05 +0000
(12:22 -0500)
in the kerberized PAM_AUTH.
Guenther
source/nsswitch/winbindd_pam.c
patch
|
blob
|
history
diff --git
a/source/nsswitch/winbindd_pam.c
b/source/nsswitch/winbindd_pam.c
index bd2f82fb98ae1271b8d4d710541f3d52f8abb3c6..c82ac2b0bad291f8f61294fa998d22c6cdb192b7 100644
(file)
--- a/
source/nsswitch/winbindd_pam.c
+++ b/
source/nsswitch/winbindd_pam.c
@@
-566,6
+566,14
@@
static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
http_timestring(ticket_lifetime), (int)ticket_lifetime,
http_timestring(renewal_until), (int)renewal_until));
+ /* we cannot continue with krb5 when UF_DONT_REQUIRE_PREAUTH is set,
+ * in that case fallback to NTLM - gd */
+
+ if ((ticket_lifetime == 0) && (renewal_until == 0)) {
+ result = NT_STATUS_INVALID_LOGON_TYPE;
+ goto failed;
+ }
+
client_princ = talloc_strdup(state->mem_ctx, global_myname());
if (client_princ == NULL) {
result = NT_STATUS_NO_MEMORY;