author | Simo Sorce <ssorce@redhat.com> | 2012-09-26 18:34:57 -0400 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-10-17 13:55:11 +0200 |
commit | 2d42737d018ac09253f73c89a90f21dddce4fc6c (patch) | |
tree | 9efb6a8e326e9ba379d9edf84aac83832e526482 /ipaserver | |
parent | 21d893ddde06fb247093eccb409da546e0cf84d4 (diff) | |
download | freeipa-2d42737d018ac09253f73c89a90f21dddce4fc6c.tar.gz freeipa-2d42737d018ac09253f73c89a90f21dddce4fc6c.tar.xz freeipa-2d42737d018ac09253f73c89a90f21dddce4fc6c.zip |
Add support for using AES for cross-realm TGTs
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/dcerpc.py | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index 80e6b7c8..c40313a6 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -375,10 +375,19 @@ class TrustDomainInstance(object):
 except RuntimeError, e:
 pass
 try:
- self._pipe.CreateTrustedDomainEx2(self._policy_handle, info, self.auth_info, security.SEC_STD_DELETE)
+ trustdom_handle = self._pipe.CreateTrustedDomainEx2(self._policy_handle, info, self.auth_info, security.SEC_STD_DELETE)
 except RuntimeError, (num, message):
 raise assess_dcerpc_exception(num=num, message=message)
+ try:
+ infoclass = lsa.TrustDomainInfoSupportedEncTypes()
+ infoclass.enc_types = security.KERB_ENCTYPE_RC4_HMAC_MD5
+ infoclass.enc_types |= security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ infoclass.enc_types |= security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+ self._pipe.SetInformationTrustedDomain(trustdom_handle, lsa.LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES, infoclass)
+ except RuntimeError, e:
+ pass
+
 def verify_trust(self, another_domain):
 def retrieve_netlogon_info_2(domain, function_code, data):
 try: |
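Review bot: The added `except RuntimeError, e: pass` around `SetInformationTrustedDomain` discards any failure to set the supported encryption types, so the trust is created but can be left without the AES enctypes and nothing reports it; the peer would then presumably keep using its default enctype for the cross-realm TGT. Handle it like the `CreateTrustedDomainEx2` call just above, with `except RuntimeError, (num, message):` followed by `raise assess_dcerpc_exception(num=num, message=message)`, or, if the failure is meant to be non-fatal, at least log `num` and `message` so an operator can see the trust is not using AES. `KERB_ENCTYPE_RC4_HMAC_MD5` remains in the mask, presumably for peers that lack AES; a comment such as `# RC4 kept only for peers without AES support` would record that this is deliberate. The enclosing method starts above the hunk, so how callers treat a partially configured trust is not visible here.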