lib:param: Add 'client use kerberos' config parameter

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

2 files changed, 14 insertions, 0 deletions

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 078e67db48f..4f4912c70e4 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -75,6 +75,7 @@
 #include "libcli/auth/ntlm_check.h"
 #include "lib/crypto/gnutls_helpers.h"
 #include "lib/util/string_wrappers.h"
+#include "auth/credentials/credentials.h"
 
 #ifdef HAVE_SYS_SYSCTL_H
 #include <sys/sysctl.h>
@@ -956,6 +957,8 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
 
 	Globals.client_smb_encrypt = SMB_ENCRYPTION_DEFAULT;
 
+	Globals._client_use_kerberos = CRED_USE_KERBEROS_DESIRED;
+
 	/* Now put back the settings that were set with lp_set_cmdline() */
 	apply_lp_set_cmdline();
 }
@@ -4708,6 +4711,16 @@ int lp_client_ipc_signing(void)
 	return client_ipc_signing;
 }
 
+enum credentials_use_kerberos lp_client_use_kerberos(void)
+{
+	if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED) {
+		return CRED_USE_KERBEROS_REQUIRED;
+	}
+
+	return lp__client_use_kerberos();
+}
+
+
 int lp_rpc_low_port(void)
 {
 	return Globals.rpc_low_port;
diff --git a/source3/param/loadparm.h b/source3/param/loadparm.h
index 7686877ccf1..9f7b4bd1cdb 100644
--- a/source3/param/loadparm.h
+++ b/source3/param/loadparm.h
@@ -56,6 +56,7 @@ int lp_client_max_protocol(void);
 int lp_client_ipc_min_protocol(void);
 int lp_client_ipc_max_protocol(void);
 int lp_client_ipc_signing(void);
+enum credentials_use_kerberos lp_client_use_kerberos(void);
 int lp_smb2_max_credits(void);
 int lp_cups_encrypt(void);
 bool lp_widelinks(int );