diff options
author | Stef Walter <stefw@redhat.com> | 2013-05-13 09:29:43 +0200 |
---|---|---|
committer | Stef Walter <stefw@redhat.com> | 2013-05-13 09:29:43 +0200 |
commit | 2a231986d7b77abcf8b9ff4c20f72b71a1adf976 (patch) | |
tree | 39a6e54b828883f03df0388f4c282b9e6b8f1fb9 | |
parent | 5bb9357ddaab00cf28e2be61cd9690a2bdac60e2 (diff) |
If automatically determining the salt fails, just guess
If automatically determining the kerberos principal salt to use fails,
either due to race issues on the server, or other future problems,
just guess and use a salt that usually works with Windows 2003 and 2008.
-rw-r--r-- | library/adenroll.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/library/adenroll.c b/library/adenroll.c index eada4d4..3f3e51a 100644 --- a/library/adenroll.c +++ b/library/adenroll.c | |||
@@ -1273,6 +1273,8 @@ match_principal_and_kvno (krb5_context k5, | |||
1273 | return 0; | 1273 | return 0; |
1274 | } | 1274 | } |
1275 | 1275 | ||
1276 | #define DEFAULT_SALT 1 | ||
1277 | |||
1276 | static krb5_data * | 1278 | static krb5_data * |
1277 | build_principal_salts (adcli_enroll *enroll, | 1279 | build_principal_salts (adcli_enroll *enroll, |
1278 | krb5_context k5, | 1280 | krb5_context k5, |
@@ -1363,14 +1365,13 @@ add_principal_to_keytab (adcli_enroll *enroll, | |||
1363 | code = _adcli_krb5_keytab_discover_salt (k5, principal, enroll->kvno, &password, | 1365 | code = _adcli_krb5_keytab_discover_salt (k5, principal, enroll->kvno, &password, |
1364 | enctypes, salts, which_salt); | 1366 | enctypes, salts, which_salt); |
1365 | if (code != 0) { | 1367 | if (code != 0) { |
1366 | _adcli_err ("Couldn't authenticate with keytab while discover which salt to use: %s: %s", | 1368 | _adcli_warn ("Couldn't authenticate with keytab while discovering which salt to use: %s: %s", |
1367 | principal_name, krb5_get_error_message (k5, code)); | 1369 | principal_name, krb5_get_error_message (k5, code)); |
1368 | free_principal_salts (k5, salts); | 1370 | *which_salt = DEFAULT_SALT; |
1369 | return ADCLI_ERR_DIRECTORY; | 1371 | } else { |
1372 | assert (*which_salt >= 0); | ||
1373 | _adcli_info ("Discovered which keytab salt to use"); | ||
1370 | } | 1374 | } |
1371 | |||
1372 | assert (*which_salt >= 0); | ||
1373 | _adcli_info ("Discovered which keytab salt to use"); | ||
1374 | } | 1375 | } |
1375 | 1376 | ||
1376 | code = _adcli_krb5_keytab_add_entries (k5, enroll->keytab, principal, | 1377 | code = _adcli_krb5_keytab_add_entries (k5, enroll->keytab, principal, |