2f295ac01f
- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during
realm join
- Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by
default for AD Provider
- Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file
parent directory when logging in
40 lines
1.6 KiB
Diff
40 lines
1.6 KiB
Diff
From 517ba52c518eb747ccb2a76d75a7ec88fc870cf4 Mon Sep 17 00:00:00 2001
|
|
From: Sumit Bose <sbose@redhat.com>
|
|
Date: Mon, 13 May 2013 14:25:15 +0200
|
|
Subject: [PATCH] Always update cached upn if enterprise principals are used
|
|
|
|
Instead of continuing to use the initial upn if enterprise principals
|
|
are used if should always be replaced. The enterprise principal
|
|
is stored in the credential cache and without knowing it the
|
|
ccache_for_princ() calls to determine the location of the credential
|
|
cache will fail.
|
|
|
|
Fixes https://fedorahosted.org/sssd/ticket/1921
|
|
---
|
|
src/providers/krb5/krb5_auth.c | 7 ++++---
|
|
1 files changed, 4 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
|
|
index 6d7494c..f65e599 100644
|
|
--- a/src/providers/krb5/krb5_auth.c
|
|
+++ b/src/providers/krb5/krb5_auth.c
|
|
@@ -913,11 +913,12 @@ static void krb5_auth_done(struct tevent_req *subreq)
|
|
KRB5_USE_ENTERPRISE_PRINCIPAL);
|
|
|
|
/* Check if the cases of our upn are correct and update it if needed.
|
|
- * Fail if the upn differs by more than just the case. */
|
|
+ * Fail if the upn differs by more than just the case for non-enterprise
|
|
+ * principals. */
|
|
if (res->correct_upn != NULL &&
|
|
- use_enterprise_principal == false &&
|
|
strcmp(kr->upn, res->correct_upn) != 0) {
|
|
- if (strcasecmp(kr->upn, res->correct_upn) == 0) {
|
|
+ if (strcasecmp(kr->upn, res->correct_upn) == 0 ||
|
|
+ use_enterprise_principal == true) {
|
|
talloc_free(kr->upn);
|
|
kr->upn = talloc_strdup(kr, res->correct_upn);
|
|
if (kr->upn == NULL) {
|
|
--
|
|
1.7.7.6
|
|
|