Index: include/ads.h =================================================================== RCS file: /home/cvs/samba/source/include/ads.h,v retrieving revision 1.12.2.14 diff -u -r1.12.2.14 ads.h --- include/ads.h 22 Mar 2004 22:49:40 -0000 1.12.2.14 +++ include/ads.h 23 Mar 2004 20:28:08 -0000 @@ -29,6 +29,7 @@ char *kdc_server; unsigned flags; int time_offset; + time_t expire; } auth; /* info derived from the servers config */ Index: libads/kerberos.c =================================================================== RCS file: /home/cvs/samba/source/libads/kerberos.c,v retrieving revision 1.12.2.5 diff -u -r1.12.2.5 kerberos.c --- libads/kerberos.c 24 Oct 2002 01:05:30 -0000 1.12.2.5 +++ libads/kerberos.c 23 Mar 2004 20:28:08 -0000 @@ -54,7 +54,7 @@ simulate a kinit, putting the tgt in the default cache location remus@snapserver.com */ -int kerberos_kinit_password(const char *principal, const char *password, int time_offset) +int kerberos_kinit_password(const char *principal, const char *password, int time_offset, time_t *expire_time) { krb5_context ctx; krb5_error_code code = 0; @@ -102,6 +102,9 @@ return code; } + if (expire_time) + *expire_time = (time_t) my_creds.times.endtime; + krb5_cc_close(ctx, cc); krb5_free_cred_contents(ctx, &my_creds); krb5_free_principal(ctx, me); @@ -126,7 +129,7 @@ return KRB5_LIBOS_CANTREADPWD; } - ret = kerberos_kinit_password(s, ads->auth.password, ads->auth.time_offset); + ret = kerberos_kinit_password(s, ads->auth.password, ads->auth.time_offset, &ads->auth.expire); if (ret) { DEBUG(0,("kerberos_kinit_password %s failed: %s\n", Index: libads/krb5_setpw.c =================================================================== RCS file: /home/cvs/samba/source/libads/krb5_setpw.c,v retrieving revision 1.7.2.14 diff -u -r1.7.2.14 krb5_setpw.c --- libads/krb5_setpw.c 19 Aug 2003 22:47:10 -0000 1.7.2.14 +++ libads/krb5_setpw.c 23 Mar 2004 20:28:08 -0000 @@ -642,7 +642,7 @@ { int ret; - if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset))) { + if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL))) { DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret))); return ADS_ERROR_KRB5(ret); } Index: libsmb/cliconnect.c =================================================================== RCS file: /home/cvs/samba/source/libsmb/cliconnect.c,v retrieving revision 1.71.2.54 diff -u -r1.71.2.54 cliconnect.c --- libsmb/cliconnect.c 19 Mar 2004 16:22:47 -0000 1.71.2.54 +++ libsmb/cliconnect.c 23 Mar 2004 20:28:09 -0000 @@ -718,7 +718,7 @@ int ret; use_in_memory_ccache(); - ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */); + ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL); if (ret){ DEBUG(0, ("Kinit failed: %s\n", error_message(ret))); Index: nsswitch/winbindd_ads.c =================================================================== RCS file: /home/cvs/samba/source/nsswitch/winbindd_ads.c,v retrieving revision 1.43.2.39 diff -u -r1.43.2.39 winbindd_ads.c --- nsswitch/winbindd_ads.c 22 Mar 2004 22:57:21 -0000 1.43.2.39 +++ nsswitch/winbindd_ads.c 23 Mar 2004 20:28:10 -0000 @@ -43,7 +43,7 @@ ads = (ADS_STRUCT *)domain->private; /* check for a valid structure */ - if ( ads->config.realm ) { + if ( ads->config.realm && (ads->auth.expire > time(NULL))) { return ads; } else { Index: utils/ntlm_auth.c =================================================================== RCS file: /home/cvs/samba/source/utils/ntlm_auth.c,v retrieving revision 1.6.2.43 diff -u -r1.6.2.43 ntlm_auth.c --- utils/ntlm_auth.c 11 Mar 2004 22:48:24 -0000 1.6.2.43 +++ utils/ntlm_auth.c 23 Mar 2004 20:28:11 -0000 @@ -1111,7 +1111,8 @@ pstr_sprintf(user, "%s@%s", opt_username, opt_domain); - if ((retval = kerberos_kinit_password(user, opt_password, 0))) { + if ((retval = kerberos_kinit_password(user, opt_password, + 0, NULL))) { DEBUG(10, ("Requesting TGT failed: %s\n", error_message(retval))); x_fprintf(x_stdout, "NA\n"); return True;