Blame SOURCES/0001-service-use-net-ads-join-with-k-for-user-join-as-wel.patch

From f5a5b00033a3d9d55cb8661d1cf5e63facc1ea72 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 11 Aug 2020 11:18:17 +0200
Subject: [PATCH] service: use net ads join with -k for user join as well
The NTLM authentication used by 'net ads join' supports only crypto
algorithms which e.g. are not allowed by FIPS. It would be better to
tell 'net ads join' to try Kerberos first before falling back to NTLM by
adding the '-k' option.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1859503
---
 service/realm-samba-enroll.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/service/realm-samba-enroll.c b/service/realm-samba-enroll.c
5b30ee
index f5edca3..3f86c51 100644
5b30ee
--- a/service/realm-samba-enroll.c
5b30ee
+++ b/service/realm-samba-enroll.c
5b30ee
@@ -372,7 +372,8 @@ begin_join (GTask *task,
5b30ee
 	} else if (join->user_name) {
5b30ee
 		begin_net_process (join, join->password_input,
5b30ee
 		                   on_join_do_keytab, g_object_ref (task),
5b30ee
-		                   "-U", join->user_name, "ads", "join", join->disco->domain_name,
5b30ee
+		                   "-U", join->user_name,
5b30ee
+		                   "-k", "ads", "join", join->disco->domain_name,
5b30ee
 		                   join->join_args[0], join->join_args[1],
5b30ee
 		                   join->join_args[2], join->join_args[3],
5b30ee
 		                   join->join_args[4], NULL);
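Review bot: The added `"-k"` only makes Kerberos the preferred mechanism; going by the commit message, `net ads join` can still fall back to NTLM, so on a host that is not in FIPS mode the user join may quietly authenticate with the weaker mechanism, and nothing at this call site records which one was used. A comment above the argument list would make the intent explicit, for example `/* -k: try Kerberos first; NTLM relies on algorithms FIPS does not allow */`. If the supported Samba versions offer a way to require Kerberos rather than prefer it (newer releases have `--use-kerberos=required`), that would close the downgrade path; this needs checking against the versions the package targets. begin_join's body starts and ends outside this hunk, so the other join branches are not visible here.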
-- 
2.26.2