authpolicy: Set strong Kerberos encryption types in smb.conf Samba internally creates a krb5.conf file that by default contains encryption types we consider weak. This CL sets a parameter in smb.conf that forces Samba to use strong entryption types only. CQ-DEPEND=CL:430692 BUG=chromium:662390 TEST=Verified that the internally created entryption types are strong. Change-Id: I09035188f333559e38508cebd3bdaa48000ae7f6 Reviewed-on: https://chromium-review.googlesource.com/430671 Commit-Ready: Lutz Justen <ljusten@chromium.org> Tested-by: Lutz Justen <ljusten@chromium.org> Reviewed-by: Thiemo Nagel <tnagel@chromium.org>

commit: 061588e616785df2a364be73a8fb513c908356fc [log] [tgz]
author: Lutz Justen <ljusten@chromium.org> Thu Jan 19 14:45:55 2017 +0100
committer: chrome-bot <chrome-bot@chromium.org> Fri Jan 20 02:01:17 2017 -0800
tree: 601f64cd9d5d1d3c4c3c3bf6aee8a7ec043ef2cc
parent: 1f48fe9322d5c5a662a8fc076805d121e947768e [diff]
diff --git a/authpolicy/samba_interface.cc b/authpolicy/samba_interface.cc
index 97aafec..f9df0ad 100644
--- a/authpolicy/samba_interface.cc
+++ b/authpolicy/samba_interface.cc

@@ -62,6 +62,7 @@
     "\tstate directory = " SAMBA_TMP_DIR "/state\n"
     "\tprivate directory = " SAMBA_TMP_DIR "/private\n"
     "\tkerberos method = secrets and keytab\n"
+    "\tkerberos encryption types = strong\n"
     "\tclient signing = mandatory\n"
     "\tclient min protocol = SMB2\n"
     // TODO(ljusten): Remove this line once crbug.com/662440 is resolved.
commit	061588e616785df2a364be73a8fb513c908356fc	[log] [tgz]
author	Lutz Justen <ljusten@chromium.org>	Thu Jan 19 14:45:55 2017 +0100
committer	chrome-bot <chrome-bot@chromium.org>	Fri Jan 20 02:01:17 2017 -0800
tree	601f64cd9d5d1d3c4c3c3bf6aee8a7ec043ef2cc
parent	1f48fe9322d5c5a662a8fc076805d121e947768e [diff]