diff options
| author | Andrew Tridgell <tridge@samba.org> | 2002-09-17 12:12:50 +0000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2002-09-17 12:12:50 +0000 |
| commit | 0d28d769472ea3b98ae4c8757093dfd4499f6dd1 (patch) | |
| tree | 5723f8b516a63e8ce7b410b5c803c87f33f4686e /source/libads/sasl.c | |
| parent | 3401c3616b3dcb99053f89d88f8e351c986c9096 (diff) | |
| download | samba-0d28d769472ea3b98ae4c8757093dfd4499f6dd1.tar.gz | |
Add clock skew handling to our kerberos code. This allows us to cope with
the DC being out of sync with the local machine.
Diffstat (limited to 'source/libads/sasl.c')
| -rw-r--r-- | source/libads/sasl.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/source/libads/sasl.c b/source/libads/sasl.c index 12a5722319f..c110c1d2cd7 100644 --- a/source/libads/sasl.c +++ b/source/libads/sasl.c @@ -122,7 +122,7 @@ static ADS_STATUS ads_sasl_spnego_krb5_bind(ADS_STRUCT *ads, const char *princip struct berval cred, *scred; int rc; - blob = spnego_gen_negTokenTarg(principal); + blob = spnego_gen_negTokenTarg(principal, ads->auth.time_offset); if (!blob.data) { return ADS_ERROR(LDAP_OPERATIONS_ERROR); @@ -144,7 +144,7 @@ static ADS_STATUS ads_sasl_spnego_krb5_bind(ADS_STRUCT *ads, const char *princip */ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads) { - struct berval *scred; + struct berval *scred=NULL; int rc, i; ADS_STATUS status; DATA_BLOB blob; @@ -185,7 +185,8 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads) } DEBUG(3,("got principal=%s\n", principal)); - if (got_kerberos_mechanism && ads_kinit_password(ads) == 0) { + if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) && + got_kerberos_mechanism && ads_kinit_password(ads) == 0) { return ads_sasl_spnego_krb5_bind(ads, principal); } |