diff options
author | Andreas Schneider <asn@samba.org> | 2019-10-09 16:32:47 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2019-10-16 16:43:59 +0000 |
commit | 3ad42536f873f21cc2db774ca3ea694ca7142253 (patch) | |
tree | 3a6b301b987a7eea5096b9b17d8fcc41b6f94709 | |
parent | d533a588b62829688824824da681cb360a399651 (diff) | |
download | samba-3ad42536f873f21cc2db774ca3ea694ca7142253.tar.gz |
s3:libads: Do not turn on canonicalization flag for MIT Kerberos
This partially reverts 303b7e59a286896888ee2473995fc50bb2b5ce5e.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14155
Pair-Programmed-With: Isaac Boukris <iboukris@redhat.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 123584294cfd153acc2d9a5be9d71c395c847a25)
Autobuild-User(v4-10-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-10-test): Wed Oct 16 16:43:59 UTC 2019 on sn-devel-144
-rw-r--r-- | source3/libads/krb5_setpw.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c index 67bc2f4640d..028b0dcfa65 100644 --- a/source3/libads/krb5_setpw.c +++ b/source3/libads/krb5_setpw.c @@ -207,7 +207,22 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host, krb5_get_init_creds_opt_set_win2k(context, opts, true); krb5_get_init_creds_opt_set_canonicalize(context, opts, true); #else /* MIT */ +#if 0 + /* + * FIXME + * + * Due to an upstream MIT Kerberos bug, this feature is not + * not working. Affection versions (2019-10-09): <= 1.17 + * + * Reproducer: + * kinit -C aDmInIsTrAtOr@ACME.COM -S kadmin/changepw@ACME.COM + * + * This is NOT a problem if the service is a krbtgt. + * + * https://bugzilla.samba.org/show_bug.cgi?id=14155 + */ krb5_get_init_creds_opt_set_canonicalize(opts, true); +#endif #endif /* MIT */ /* note that heimdal will fill in the local addresses if the addresses |