summaryrefslogtreecommitdiffstats
path: root/source4/kdc
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-10-03 20:22:38 +1100
committerMatthias Dieter Wallnöfer <mdw@sn-devel-104.sn.samba.org>2010-10-03 15:23:19 +0000
commitdcb1a0698acbd89df0f658778ce95825436d3847 (patch)
tree58e79773c4c478342d1f90264b7ce2b13e9bdbbe /source4/kdc
parenta095a08e252588996c499f071aae2abae419a5c7 (diff)
downloadsamba-dcb1a0698acbd89df0f658778ce95825436d3847.tar.gz
samba-dcb1a0698acbd89df0f658778ce95825436d3847.tar.xz
samba-dcb1a0698acbd89df0f658778ce95825436d3847.zip
s4-kdc Remove special case kerberos restriction in the KDC
We should avoid using Kerberos or any other recursive auth mechanism in ldb backends, but denying Kerberos here won't be enough, so remove the special case. (Typcially we bind using a different password space and DIGEST-MD5 or NTLM). Andrew Bartlett
Diffstat (limited to 'source4/kdc')
-rw-r--r--source4/kdc/db-glue.c16
1 files changed, 0 insertions, 16 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 581328d864a..04516344e69 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -1654,26 +1654,10 @@ NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct samba_kdc_base_conte
kdc_db_ctx->ev_ctx = base_ctx->ev_ctx;
kdc_db_ctx->lp_ctx = base_ctx->lp_ctx;
-#if 1
- /* we would prefer to use system_session(), as that would
- * allow us to share the samdb backend context with other parts of the
- * system. For now we can't as we need to override the
- * credentials to set CRED_DONT_USE_KERBEROS, which would
- * break other users of the system_session */
- DEBUG(0,("FIXME: Using new system session for hdb\n"));
- nt_status = auth_system_session_info(kdc_db_ctx, base_ctx->lp_ctx, &session_info);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-#else
session_info = system_session(kdc_db_ctx->lp_ctx);
if (session_info == NULL) {
return NT_STATUS_INTERNAL_ERROR;
}
-#endif
-
- cli_credentials_set_kerberos_state(session_info->credentials,
- CRED_DONT_USE_KERBEROS);
/* Setup the link to LDB */
kdc_db_ctx->samdb = samdb_connect(kdc_db_ctx, base_ctx->ev_ctx,