summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2015-07-31 11:06:54 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-08-05 14:10:24 +0200
commit67c68b563e1afc409aeadbcc828f9bdf33c57c84 (patch)
treeacba594f30f086686d885516bcad5cae6b6e49ab
parent05ed6a29cbd3cbec177364487a2afeade51d6546 (diff)
downloadsssd-67c68b563e1afc409aeadbcc828f9bdf33c57c84.tar.gz
sssd-67c68b563e1afc409aeadbcc828f9bdf33c57c84.tar.xz
sssd-67c68b563e1afc409aeadbcc828f9bdf33c57c84.zip
krb5: assume online state if KDC proxy is configured
If a KDC proxy is configured a request in the KRB5 provider will assume online state even if the backend is offline without changing the state of the backend. Resolves https://fedorahosted.org/sssd/ticket/2700 Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r--src/providers/krb5/krb5_auth.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 1c55ec3fc..d35df1399 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -754,6 +754,12 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq)
kr->is_offline = be_is_offline(state->be_ctx);
}
+ if (kr->is_offline
+ && sss_krb5_realm_has_proxy(dp_opt_get_cstring(kr->krb5_ctx->opts,
+ KRB5_REALM))) {
+ kr->is_offline = false;
+ }
+
subreq = handle_child_send(state, state->ev, kr);
if (subreq == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, "handle_child_send failed.\n");