authpolicy: Set strong Kerberos encryption types in smb.conf
Samba internally creates a krb5.conf file that by default contains
encryption types we consider weak. This CL sets a parameter in
smb.conf that forces Samba to use strong entryption types only.
CQ-DEPEND=CL:430692
BUG=chromium:662390
TEST=Verified that the internally created entryption types are strong.
Change-Id: I09035188f333559e38508cebd3bdaa48000ae7f6
Reviewed-on: https://chromium-review.googlesource.com/430671
Commit-Ready: Lutz Justen <ljusten@chromium.org>
Tested-by: Lutz Justen <ljusten@chromium.org>
Reviewed-by: Thiemo Nagel <tnagel@chromium.org>
diff --git a/authpolicy/samba_interface.cc b/authpolicy/samba_interface.cc
index 97aafec..f9df0ad 100644
--- a/authpolicy/samba_interface.cc
+++ b/authpolicy/samba_interface.cc
@@ -62,6 +62,7 @@
"\tstate directory = " SAMBA_TMP_DIR "/state\n"
"\tprivate directory = " SAMBA_TMP_DIR "/private\n"
"\tkerberos method = secrets and keytab\n"
+ "\tkerberos encryption types = strong\n"
"\tclient signing = mandatory\n"
"\tclient min protocol = SMB2\n"
// TODO(ljusten): Remove this line once crbug.com/662440 is resolved.