diff options
author | Andrew Bartlett <abartlet@samba.org> | 2017-04-10 16:10:00 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-06-10 21:48:20 +0200 |
commit | 00de59a478301a00a33b420524cd52caf481854f (patch) | |
tree | 66b790e3e5abf95a10a32147534a4819f0647807 /python | |
parent | 970fdfae6a18bf11d423a72973c0f7b589e6f92a (diff) | |
download | samba-00de59a478301a00a33b420524cd52caf481854f.tar.gz |
join.py: Do not expose the old machine password over NTLM if -k yes was set
This makes the test for a valid machine account stricter (as a kerberos error could
cause this to fail and so skip the validation), but we never wish to use NTLM
if the administrator disabled it on the command line
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/join.py | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/python/samba/join.py b/python/samba/join.py index 6a924359407..3e70db08d2a 100644 --- a/python/samba/join.py +++ b/python/samba/join.py @@ -209,6 +209,7 @@ class dc_join(object): creds.guess(ctx.lp) try: creds.set_machine_account(ctx.lp) + creds.set_kerberos_state(ctx.creds.get_kerberos_state()) machine_samdb = SamDB(url="ldap://%s" % ctx.server, session_info=system_session(), credentials=creds, lp=ctx.lp) |