diff options
author | Andrew Bartlett <abartlet@samba.org> | 2010-10-03 20:22:38 +1100 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@sn-devel-104.sn.samba.org> | 2010-10-03 15:23:19 +0000 |
commit | dcb1a0698acbd89df0f658778ce95825436d3847 (patch) | |
tree | 58e79773c4c478342d1f90264b7ce2b13e9bdbbe /source4/kdc | |
parent | a095a08e252588996c499f071aae2abae419a5c7 (diff) | |
download | samba-dcb1a0698acbd89df0f658778ce95825436d3847.tar.gz samba-dcb1a0698acbd89df0f658778ce95825436d3847.tar.xz samba-dcb1a0698acbd89df0f658778ce95825436d3847.zip |
s4-kdc Remove special case kerberos restriction in the KDC
We should avoid using Kerberos or any other recursive auth mechanism
in ldb backends, but denying Kerberos here won't be enough, so
remove the special case. (Typcially we bind using a different password
space and DIGEST-MD5 or NTLM).
Andrew Bartlett
Diffstat (limited to 'source4/kdc')
-rw-r--r-- | source4/kdc/db-glue.c | 16 |
1 files changed, 0 insertions, 16 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c index 581328d864a..04516344e69 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -1654,26 +1654,10 @@ NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct samba_kdc_base_conte kdc_db_ctx->ev_ctx = base_ctx->ev_ctx; kdc_db_ctx->lp_ctx = base_ctx->lp_ctx; -#if 1 - /* we would prefer to use system_session(), as that would - * allow us to share the samdb backend context with other parts of the - * system. For now we can't as we need to override the - * credentials to set CRED_DONT_USE_KERBEROS, which would - * break other users of the system_session */ - DEBUG(0,("FIXME: Using new system session for hdb\n")); - nt_status = auth_system_session_info(kdc_db_ctx, base_ctx->lp_ctx, &session_info); - if (!NT_STATUS_IS_OK(nt_status)) { - return nt_status; - } -#else session_info = system_session(kdc_db_ctx->lp_ctx); if (session_info == NULL) { return NT_STATUS_INTERNAL_ERROR; } -#endif - - cli_credentials_set_kerberos_state(session_info->credentials, - CRED_DONT_USE_KERBEROS); /* Setup the link to LDB */ kdc_db_ctx->samdb = samdb_connect(kdc_db_ctx, base_ctx->ev_ctx, |