Patch to prevent krb5Key attrs in Samba LDAP entries
The following patch keeps Samba LDAP entries from being populated with
krb5Key LDAP attributes even if other Kerberos attributes are available.
This accomplishes the following:
- ensures Heimdal and Samba share only 1 key
- removes the need for the smbk5pwd overlay for Heimdal/Samba syncing
- prevents the unnecessary addition of the krb5EncryptionType attribute
This probably isn't the best way to handle this as there's no configuration
option, so I'd appreciate any comments on this issue.
----------------------------------------------------------------------
| Jim Hranicky, Senior SysAdmin UF/CISE Department |
| E314D CSE Building Phone (352) 392-1499 |
| jfh@cise.ufl.edu http://www.cise.ufl.edu/~jfh |
----------------------------------------------------------------------
diff -ur heimdal-20050510/lib/hdb/hdb-ldap.c heimdal-20050510.mod/lib/hdb/hdb-ldap.c
--- heimdal-20050510/lib/hdb/hdb-ldap.c 2005-04-18 04:03:54.000000000 -0400
+++ heimdal-20050510.mod/lib/hdb/hdb-ldap.c 2005-05-11 16:53:59.161951000 -0400
@@ -648,7 +648,7 @@
goto out;
}
- } else if (is_heimdal_entry) {
+ } else if (is_heimdal_entry && !is_samba_account) {
unsigned char *buf;
size_t len, buf_size;
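Review bot: the `!is_samba_account` test added to the `else if (is_heimdal_entry ...)` line is unconditional, so every entry that is both a Heimdal entry and a Samba account now skips this branch with no way to opt out. Consider gating the test on a configuration setting (the cover message itself notes there is none) and adding a comment at this line saying that such entries deliberately do not take the branch, since nothing in the hunk explains why the condition was narrowed.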
@@ -665,6 +665,7 @@
}
}
+#if 0
if (ent->etypes) {
/* clobber and replace encryption types. */
if (!is_new_entry) {
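Review bot: the `#if 0` placed in front of `if (ent->etypes) {` disables the "clobber and replace encryption types" block for every entry, not only for Samba accounts, whereas the first hunk limits its change with `!is_samba_account`. If the intent is only to stop adding krb5EncryptionType to Samba entries, a run-time condition such as `if (ent->etypes && !is_samba_account)` would keep the existing behaviour for all other entries.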
@@ -691,6 +692,7 @@
}
}
}
+#endif
/* for clarity */
ret = 0;
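Review bot: the `#endif` added before `/* for clarity */` leaves the whole encryption-type block in the file as dead code with no comment explaining why it is disabled. Either delete the block outright or document the reason at the `#if 0`/`#endif` pair, and preferably replace the preprocessor guard with a run-time check so the behaviour can be tied to a configuration option.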