summaryrefslogtreecommitdiff
authorStef Walter <stefw@redhat.com>2013-05-13 07:29:43 (GMT)
committer Stef Walter <stefw@redhat.com>2013-05-13 07:29:43 (GMT)
commit2a231986d7b77abcf8b9ff4c20f72b71a1adf976 (patch) (side-by-side diff)
tree39a6e54b828883f03df0388f4c282b9e6b8f1fb9
parent5bb9357ddaab00cf28e2be61cd9690a2bdac60e2 (diff)
downloadadcli-2a231986d7b77abcf8b9ff4c20f72b71a1adf976.zip
adcli-2a231986d7b77abcf8b9ff4c20f72b71a1adf976.tar.gz
If automatically determining the salt fails, just guess
If automatically determining the kerberos principal salt to use fails, either due to race issues on the server, or other future problems, just guess and use a salt that usually works with Windows 2003 and 2008.
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--library/adenroll.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/library/adenroll.c b/library/adenroll.c
index eada4d4..3f3e51a 100644
--- a/library/adenroll.c
+++ b/library/adenroll.c
@@ -1273,6 +1273,8 @@ match_principal_and_kvno (krb5_context k5,
return 0;
}
+#define DEFAULT_SALT 1
+
static krb5_data *
build_principal_salts (adcli_enroll *enroll,
krb5_context k5,
@@ -1363,14 +1365,13 @@ add_principal_to_keytab (adcli_enroll *enroll,
code = _adcli_krb5_keytab_discover_salt (k5, principal, enroll->kvno, &password,
enctypes, salts, which_salt);
if (code != 0) {
- _adcli_err ("Couldn't authenticate with keytab while discover which salt to use: %s: %s",
- principal_name, krb5_get_error_message (k5, code));
- free_principal_salts (k5, salts);
- return ADCLI_ERR_DIRECTORY;
+ _adcli_warn ("Couldn't authenticate with keytab while discovering which salt to use: %s: %s",
+ principal_name, krb5_get_error_message (k5, code));
+ *which_salt = DEFAULT_SALT;
+ } else {
+ assert (*which_salt >= 0);
+ _adcli_info ("Discovered which keytab salt to use");
}
-
- assert (*which_salt >= 0);
- _adcli_info ("Discovered which keytab salt to use");
}
code = _adcli_krb5_keytab_add_entries (k5, enroll->keytab, principal,