diff options
author | Stefan Metzmacher <metze@samba.org> | 2017-01-29 17:19:14 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2017-03-10 11:37:22 +0100 |
commit | 209886e95c3afe1e4e50bacc30b40a543856a7a0 (patch) | |
tree | 408559b0c6dafad9f5d011b8bf779f5bfd5809c8 /source4/heimdal | |
parent | b8bca7d08fe05758e536767b1146cdcdd8b9fee3 (diff) | |
download | samba-209886e95c3afe1e4e50bacc30b40a543856a7a0.tar.gz |
HEIMDAL:kdc: make it possible to disable the principal based referral detection
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source4/heimdal')
-rw-r--r-- | source4/heimdal/kdc/default_config.c | 1 | ||||
-rw-r--r-- | source4/heimdal/kdc/kdc.h | 2 | ||||
-rw-r--r-- | source4/heimdal/kdc/krb5tgs.c | 4 |
3 files changed, 6 insertions, 1 deletions
diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c index 6fbf5fdae15..0129c5d3c54 100644 --- a/source4/heimdal/kdc/default_config.c +++ b/source4/heimdal/kdc/default_config.c @@ -55,6 +55,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) c->preauth_use_strongest_session_key = FALSE; c->tgs_use_strongest_session_key = FALSE; c->use_strongest_server_key = TRUE; + c->autodetect_referrals = TRUE; c->check_ticket_addresses = TRUE; c->allow_null_ticket_addresses = TRUE; c->allow_anonymous = FALSE; diff --git a/source4/heimdal/kdc/kdc.h b/source4/heimdal/kdc/kdc.h index 9d52fd4c2ec..16263d6919b 100644 --- a/source4/heimdal/kdc/kdc.h +++ b/source4/heimdal/kdc/kdc.h @@ -69,6 +69,8 @@ typedef struct krb5_kdc_configuration { krb5_boolean allow_anonymous; enum krb5_kdc_trpolicy trpolicy; + krb5_boolean autodetect_referrals; + krb5_boolean enable_pkinit; krb5_boolean pkinit_princ_in_cert; const char *pkinit_kdc_identity; diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index 334a6eb1dc8..a888788bb6f 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -1660,7 +1660,9 @@ server_lookup: Realm req_rlm; krb5_realm *realms; - if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) { + if (!config->autodetect_referrals) { + /* noop */ + } else if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) { if(nloop++ < 2) { new_rlm = find_rpath(context, tgt->crealm, req_rlm); if(new_rlm) { |