diff options
| author | Jeffrey Altman <jaltman@secure-endpoints.com> | 2004-04-06 17:36:44 +0000 |
|---|---|---|
| committer | Jeffrey Altman <jaltman@secure-endpoints.com> | 2004-04-06 17:36:44 +0000 |
| commit | 0f70ce0814ae83623a1188210fa36071d4ddec79 (patch) | |
| tree | 40f606b72d35e408958ba7986f4a9089f6978499 /src | |
| parent | 284a093555f87a71bb5b2a0701146830d8ba6dff (diff) | |
| download | krb5-0f70ce0814ae83623a1188210fa36071d4ddec79.tar.gz krb5-0f70ce0814ae83623a1188210fa36071d4ddec79.tar.xz krb5-0f70ce0814ae83623a1188210fa36071d4ddec79.zip | |
* cc_mslsa.c:
In at least one case on Win2003 it appears that it is possible
for the logon session to be authenticated via NTLM and yet for
there to be Kerberos credentials obtained by the LSA on behalf
of the logged in user. Therefore, we are removing the test
for IsKerberosLogon() within krb5_lcc_resolve()
which was meant to avoid the need to perform GetMSTGT() when
there was no possibility of credentials being found.
ticket: new
tags: pullup
target_version: next
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16235 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/krb5/ccache/ChangeLog | 11 | ||||
| -rw-r--r-- | src/lib/krb5/ccache/cc_mslsa.c | 9 |
2 files changed, 20 insertions, 0 deletions
diff --git a/src/lib/krb5/ccache/ChangeLog b/src/lib/krb5/ccache/ChangeLog index 61e7a665cd..ad73c2a549 100644 --- a/src/lib/krb5/ccache/ChangeLog +++ b/src/lib/krb5/ccache/ChangeLog @@ -1,3 +1,14 @@ +2004-04-06 Jeffrey Altman <jaltman@mit.edu> + + * cc_mslsa.c: + In at least one case on Win2003 it appears that it is possible + for the logon session to be authenticated via NTLM and yet for + there to be Kerberos credentials obtained by the LSA on behalf + of the logged in user. Therefore, we are removing the test + for IsKerberosLogon() within krb5_lcc_resolve() + which was meant to avoid the need to perform GetMSTGT() when + there was no possibility of credentials being found. + 2004-03-31 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: Add IsWindows2000() function and use it to return diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c index 0caf65a28c..9d06753590 100644 --- a/src/lib/krb5/ccache/cc_mslsa.c +++ b/src/lib/krb5/ccache/cc_mslsa.c @@ -1126,8 +1126,17 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual) if (!IsWindows2000()) return KRB5_FCC_NOFILE; +#ifdef COMMENT + /* In at least one case on Win2003 it appears that it is possible + * for the logon session to be authenticated via NTLM and yet for + * there to be Kerberos credentials obtained by the LSA on behalf + * of the logged in user. Therefore, we are removing this test + * which was meant to avoid the need to perform GetMSTGT() when + * there was no possibility of credentials being found. + */ if (!IsKerberosLogon()) return KRB5_FCC_NOFILE; +#endif if(!PackageConnectLookup(&LogonHandle, &PackageId)) return KRB5_FCC_NOFILE; |