diff options
| author | Sumit Bose <sbose@redhat.com> | 2012-12-17 22:14:55 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-12-18 20:15:06 +0100 |
| commit | 4fd6ea53ae9b95633fbe3ce374effedfd5a9091c (patch) | |
| tree | 658c1403ec4f2003fb5efcbdb350908b735812b1 | |
| parent | 4bbf95ee2dfa7f5bf947306a5dc91ff9cd4ad2ac (diff) | |
| download | sssd-1.9.2-51.tar.gz sssd-1.9.2-51.tar.xz sssd-1.9.2-51.zip | |
select_principal_from_keytab() do wildcard lookups after specific ones1.9.2-51
Currently the wildcard lookup '*$' is done before the one for
host/our.hostname@REALM. This means we would ignore a more specific
match in favour of an unspecific match with a principal which is only
used in a AD environment.
I think this is wrong an wildcards should only be used is all specific
lookups fail.
| -rw-r--r-- | src/util/sss_krb5.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c index 0eb032a76..1b8dc79b2 100644 --- a/src/util/sss_krb5.c +++ b/src/util/sss_krb5.c @@ -51,15 +51,15 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx, * Priority of lookup: * - our.hostname@REALM or host/our.hostname@REALM depending on the input * - our.hostname$@REALM (AD domain) - * - foobar$@REALM (AD domain) * - host/our.hostname@REALM + * - foobar$@REALM (AD domain) * - host/foobar@REALM * - host/foo@BAR * - pick the first principal in the keytab */ - const char *primary_patterns[] = {"%s", "%s$", "*$", "host/%s", "host/*", + const char *primary_patterns[] = {"%s", "%s$", "host/%s", "*$", "host/*", "host/*", NULL}; - const char *realm_patterns[] = {"%s", "%s", "%s", "%s", "%s", + const char *realm_patterns[] = {"%s", "%s", "%s", "%s", "%s", NULL, NULL}; DEBUG(5, ("trying to select the most appropriate principal from keytab\n")); |