Bug 15635 - Do not fail PAC validation for RFC8009 checksums types
Summary: Do not fail PAC validation for RFC8009 checksums types
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.20.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-04-16 07:24 UTC by Andreas Schneider
Modified: 2024-05-08 08:06 UTC (History)
2 users (show)

See Also:

Attachments
patch for 4.20 (4.81 KB, patch)
2024-04-16 07:25 UTC, Andreas Schneider 		ab: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Schneider 2024-04-16 07:24:07 UTC 
While Active Directory does not support yet RFC 8009 encryption and checksum types, it is possible to verify these checksums when running with both MIT Kerberos and Heimdal Kerberos. This matters for FreeIPA domain controller which uses them by default.
Comment 1 Andreas Schneider 2024-04-16 07:25:23 UTC 
Created attachment 18287 [details]
patch for 4.20
Comment 2 Alexander Bokovoy 2024-04-16 07:26:33 UTC 
Comment on attachment 18287 [details]
patch for 4.20

LGTM.
Comment 3 Andreas Schneider 2024-04-16 08:30:17 UTC 
Jule, please include the patch in 4.20. Thanks!
Comment 4 Jule Anger 2024-04-16 08:40:20 UTC 
Pushed to autobuild-v4-20-test.
Comment 5 Samba QA Contact 2024-04-16 12:25:11 UTC 
This bug was referenced in samba v4-20-test:

215bb9bd48e9aae04ff39633f6dd9255a989bf98
Comment 6 Jule Anger 2024-04-16 12:31:08 UTC 
Closing out bug report.

Thanks!
Comment 7 Samba QA Contact 2024-05-08 08:06:58 UTC 
This bug was referenced in samba v4-20-stable (Release samba-4.20.1):

215bb9bd48e9aae04ff39633f6dd9255a989bf98