diff options
author | Stefan Metzmacher <metze@samba.org> | 2021-10-05 18:11:57 +0200 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2021-11-09 19:45:33 +0000 |
commit | e2d271cb6bcd292f786664f055cde41c32002804 (patch) | |
tree | 9a548397272cedebd473c26aaffb52b2e9141b64 /auth/gensec/schannel.c | |
parent | e2d5b4d709293b52112d078d6fcde95593d790c5 (diff) | |
download | samba-e2d271cb6bcd292f786664f055cde41c32002804.tar.gz |
CVE-2020-25719 CVE-2020-25717: auth/gensec: always require a PAC in domain mode (DC or member)
AD domains always provide a PAC unless UF_NO_AUTH_DATA_REQUIRED is set
on the service account, which can only be explicitly configured,
but that's an invalid configuration!
We still try to support standalone servers in an MIT realm,
as legacy setup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[jsutton@samba.org Removed knownfail entries]
Diffstat (limited to 'auth/gensec/schannel.c')
0 files changed, 0 insertions, 0 deletions