Commit - freeipa - 88c1293f3a92451b6d5d5f7cb1a81d55a789b793

freeipa

`88c1293` ipa-kdb: fix PAC requester check

Authored and Committed by abbra a year ago

raw patch tree parent

1 file changed. 3 lines added. 3 lines removed.

    ipa-kdb: fix PAC requester check
    
    PAC requester check was incorrect for in-realm S4U operations. It casted
    too wide check which denied some legitimate requests. Fix that by only
    applying rejection to non-S4U unknown SIDs, otherwise S4U2Self request
    issued by the in-realm service against a trusted domain's user would not
    work.
    
    Related: https://pagure.io/freeipa/issue/9083
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Julien Rische <jrische@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>

daemons/ipa-kdb/ipa_kdb_mspac.c

file modified

+3 -3

freeipa

Source Code

88c1293 ipa-kdb: fix PAC requester check

Authored and Committed by abbra a year ago

`88c1293` ipa-kdb: fix PAC requester check