861ab44 KRB5: Authenticate users in a non-POSIX domain using a MEMORY ccache

Authored and Committed by jhrozek 7 years ago
    KRB5: Authenticate users in a non-POSIX domain using a MEMORY ccache
    
    Related to:
    https://pagure.io/SSSD/sssd/issue/3310
    
    The following changes were done to the Kerberos authentication code
    in order to support authentication in a non-POSIX environment:
        - delayed authentication is disabled in non-POSIX domains
        - when a user logs in in a non-POSIX domain, SSSD uses a
          MEMORY:$username ccache and destroys is then krb5_child finishes
          so that just the numeric result is used
        - krb5_child doesn't drop privileges in this configuration because
          there is nothing to drop privileges to
    
    Reviewed-by: Sumit Bose <sbose@redhat.com>
    
        
file modified
+45 -17