if (!is_kadmin_changepw) {
if (ent_type == SAMBA_KDC_ENT_TYPE_KRBTGT && canon) {
/*
- * When requested to do so, ensure that the
- * both realm values in the principal are set
+ * When requested to do so, ensure that both
+ * the realm values in the principal are set
* to the upper case, canonical realm
*/
code = smb_krb5_make_principal(context,
/* Windows 2008 seems to enforce this (very sensible) rule by
* default - don't allow offline attacks on a user's password
* by asking for a ticket to them as a service (encrypted with
- * their probably patheticly insecure password) */
+ * their probably pathetically insecure password) */
if (entry->flags.server
&& lpcfg_parm_bool(lp_ctx, NULL, "kdc", "require spn for service", true)) {
/* Domain trust - we cannot check the sig, but we trust it for a correct PAC
This is exactly where we should flag for SID
- validation when we do inter-foreest trusts
+ validation when we do inter-forest trusts
*/
talloc_free(mem_ctx);
*is_trusted = true;
struct samba_kdc_entry {
struct samba_kdc_db_context *kdc_db_ctx;
- const struct sdb_entry *db_entry; /* this is only temporary valid */
+ const struct sdb_entry *db_entry; /* this is only temporarily valid */
const void *kdc_entry; /* this is a reference to hdb_entry/krb5_db_entry */
struct ldb_message *msg;
struct ldb_dn *realm_dn;
return ret;
}
-/* Resign (and reform, including possibly new groups) a PAC */
+/* Re-sign (and reform, including possibly new groups) a PAC */
static krb5_error_code samba_wdc_reget_pac(void *priv, astgs_request_t r,
krb5_const_principal _client_principal,
projects / thirdparty / samba.git / commitdiff
