authorAndrew Bartlett <abartlet@samba.org>2012-02-10 20:54:18 +1100
committerAndrew Bartlett <abartlet@samba.org>2012-02-10 12:36:23 +0100
commitd2ccaaad20a22a5a09f883809945827dabbc65a7 (patch)
treeb577cf092cdb0c5e5a2f38c7071993a261818571 /auth
parent93f3fc54e462958c3bc88ebf586be99fb703347b (diff)
gensec: explain gensec_use_kerberos_mechs() logic
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Feb 10 12:36:23 CET 2012 on sn-devel-104
Diffstat (limited to 'auth')
-rw-r--r--auth/gensec/gensec_start.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index e9ccb16b0c1..d3145ec581d 100644
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -50,7 +50,22 @@ bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct gensec_
/* Sometimes we want to force only kerberos, sometimes we want to
* force it's avoidance. The old list could be either
* gensec_security_all(), or from cli_credentials_gensec_list() (ie,
- * an existing list we have trimmed down) */
+ * an existing list we have trimmed down)
+ *
+ * The intended logic is:
+ *
+ * if we are in the default AUTO have kerberos:
+ * - take a reference to the master list
+ * otherwise
+ * - always add spnego then:
+ * - if we 'MUST' have kerberos:
+ * only add kerberos mechs
+ * - if we 'DONT' want kerberos':
+ * only add non-kerberos mechs
+ *
+ * Once we get things like NegoEx or moonshot, this will of course get
+ * more compplex.
+ */
_PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
struct gensec_security_ops **old_gensec_list,