Include pac_check patch

This commit is contained in:
Pavel Březina 2022-06-09 10:50:23 +02:00
parent ec123cd550
commit 450f45b104

View File

@ -0,0 +1,49 @@
From 55e93cf1cf4d61c6de7975cbdc97a723545586c0 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 8 Jun 2022 10:11:15 +0200
Subject: [PATCH] pac: relax default for pac_check option
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
PAC might not be always present, especially in IPA environments. So the
default of pac_check should not contain 'pac_present'.
Resolves: https://github.com/SSSD/sssd/issues/5868
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
src/confdb/confdb.h | 2 +-
src/man/sssd.conf.5.xml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index d9fe571ded2d4ed19fe8e18466eab81b81148844..83f6be7f9a142464d63c06bc6d8828ffffa9625b 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -181,7 +181,7 @@
#define CONFDB_PAC_LIFETIME "pac_lifetime"
#define CONFDB_PAC_CHECK "pac_check"
#define CONFDB_PAC_CHECK_DEFAULT "no_check"
-#define CONFDB_PAC_CHECK_IPA_AD_DEFAULT "pac_present, check_upn, check_upn_dns_info_ex"
+#define CONFDB_PAC_CHECK_IPA_AD_DEFAULT "check_upn, check_upn_dns_info_ex"
/* InfoPipe */
#define CONFDB_IFP_CONF_ENTRY "config/ifp"
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 70544742740946f3e0ba1568d34e8bdebface072..e921ba575c2f2f69d9d7abe0211f80b44dca9cf4 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -2298,7 +2298,7 @@ pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit
</para>
<para>
Default: no_check (AD and IPA provider
- 'pac_present, check_upn, check_upn_dns_info_ex')
+ 'check_upn, check_upn_dns_info_ex')
</para>
</listitem>
</varlistentry>
--
2.34.3