In at least one case on Win2003 it appears that it is possible
for the logon session to be authenticated via NTLM and yet for
there to be Kerberos credentials obtained by the LSA on behalf
of the logged in user. Therefore, we are removing the test
for IsKerberosLogon() within krb5_lcc_resolve()
which was meant to avoid the need to perform GetMSTGT() when
there was no possibility of credentials being found.
ticket: new
tags: pullup
target_version: next
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16235
dc483132-0cff-0310-8789-
dd5450dbe970
+2004-04-06 Jeffrey Altman <jaltman@mit.edu>
+
+ * cc_mslsa.c:
+ In at least one case on Win2003 it appears that it is possible
+ for the logon session to be authenticated via NTLM and yet for
+ there to be Kerberos credentials obtained by the LSA on behalf
+ of the logged in user. Therefore, we are removing the test
+ for IsKerberosLogon() within krb5_lcc_resolve()
+ which was meant to avoid the need to perform GetMSTGT() when
+ there was no possibility of credentials being found.
+
2004-03-31 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: Add IsWindows2000() function and use it to return
if (!IsWindows2000())
return KRB5_FCC_NOFILE;
+#ifdef COMMENT
+ /* In at least one case on Win2003 it appears that it is possible
+ * for the logon session to be authenticated via NTLM and yet for
+ * there to be Kerberos credentials obtained by the LSA on behalf
+ * of the logged in user. Therefore, we are removing this test
+ * which was meant to avoid the need to perform GetMSTGT() when
+ * there was no possibility of credentials being found.
+ */
if (!IsKerberosLogon())
return KRB5_FCC_NOFILE;
+#endif
if(!PackageConnectLookup(&LogonHandle, &PackageId))
return KRB5_FCC_NOFILE;
projects / krb5.git / commitdiff