From 053ef0f605e8e99bf10e784cf383f954a6940d0a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 28 Apr 2011 17:10:03 +0200 Subject: s4:auth/credentials: S4U2Self should force CRED_MUST_USE_KERBEROS Otherwise we would not impersonate the desired principal. This still doesn't work for plaintext auth, but should avoid ntlmssp. metze --- source4/auth/credentials/credentials_krb5.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4') diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c index 5883282c250..bfba1679f74 100644 --- a/source4/auth/credentials/credentials_krb5.c +++ b/source4/auth/credentials/credentials_krb5.c @@ -813,6 +813,7 @@ _PUBLIC_ void cli_credentials_set_impersonate_principal(struct cli_credentials * cred->impersonate_principal = talloc_strdup(cred, principal); talloc_free(cred->self_service); cred->self_service = talloc_strdup(cred, self_service); + cli_credentials_set_kerberos_state(cred, CRED_MUST_USE_KERBEROS); } /* -- cgit v1.2.1