SSSD / sssd

Clone

fa4a9c4 krb5: do not send pac for IPA users from the local domain

5 files Authored by sbose 10 years ago, Committed by jhrozek 10 years ago,
raw patch tree parent
5 files changed. 20 lines added. 10 lines removed.
src/providers/ipa/ipa_init.c
file modified
+1 -0
src/providers/krb5/krb5_auth.h
file modified
+1 -0
src/providers/krb5/krb5_child.c
file modified
+7 -7
src/providers/krb5/krb5_child_handler.c
file modified
+9 -3
src/providers/krb5/krb5_common.h
file modified
+2 -0 
    krb5: do not send pac for IPA users from the local domain
    
    So far we didn't send the PAC of IPA users to the PAC responder during
    password authentication because group memberships for IPA users can be
    retrieved efficiently with LDAP calls. Recently patches added PAC
    support for the AD provider as well and removed the restriction for the
    IPA users. This patch restores the original behaviour by introducing a
    new flag in struct krb5_ctx which is only set for the IPA provider.
    Additionally a different flag is renamed to make it's purpose more
    clear.
    
    Fixes https://fedorahosted.org/sssd/ticket/1995
file modified
+1 -0
file modified
+1 -0
file modified
+7 -7
file modified
+9 -3
file modified
+2 -0
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.