-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andrew Bartlett schrieb:
| On Thu, 2004-12-23 at 13:23, metze@samba.org wrote:
|
|>Author: metze
|>Date: 2004-12-23 02:23:42 +0000 (Thu, 23 Dec 2004)
|>New Revision: 4338
|>
|>WebSVN: http://websvn.samba.org/cgi-bin/view...samba&rev=4338
|>
|>Log:
|>reuse netlogon structs in the krb5 PAC
|>that simplifies the code a lot...
|>
|>also add a note: we should fail the krb5 auth if there's no
|>PAC present (when heimdal is ready for that:-)
|
|
| On this point I disagree. We should support logins against an 'MIT'
| server (that is, as server not doing PAC stuff), and figure out the
| gorups another way. One way might be this kind of local SAM lookup, or
| a different plugin for group lookups.

maybe we can make this configurable, with the default to disallow PAC'less krb5,
but we'll see...



- --
metze

Stefan Metzmacher www.samba.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFByxT7m70gjA5TCD8RAuvpAJ4yypLmM+gH8HRU0MluFt aT/n+CtACfXDKO
uLjjfU0KtpVhlfoeYx7zbE4=
=HhHt
-----END PGP SIGNATURE-----