diff options
author | Sumit Bose <sbose@redhat.com> | 2012-12-17 22:08:59 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-12-18 19:03:57 +0100 |
commit | 163d02193d4ce9f0075ef87a6ce209ee41554272 (patch) | |
tree | d1ed423654af56a9b6125a05ddb2ac9df1b75d4a | |
parent | dd85581b726d7db264348ae27d77c4615b7f79d0 (diff) | |
download | sssd-163d02193d4ce9f0075ef87a6ce209ee41554272.tar.gz sssd-163d02193d4ce9f0075ef87a6ce209ee41554272.tar.xz sssd-163d02193d4ce9f0075ef87a6ce209ee41554272.zip |
select_principal_from_keytab() look for plain input as well
Currently in select_principal_from_keytab() all kind of different
versions of the host principal are looked up in the keytab except for
the plain name the ldap_sasl_authid option. With this patch the plain
name is looked up first.
-rw-r--r-- | src/util/sss_krb5.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c index 383745787..0eb032a76 100644 --- a/src/util/sss_krb5.c +++ b/src/util/sss_krb5.c @@ -49,14 +49,18 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx, /** * Priority of lookup: + * - our.hostname@REALM or host/our.hostname@REALM depending on the input + * - our.hostname$@REALM (AD domain) * - foobar$@REALM (AD domain) * - host/our.hostname@REALM * - host/foobar@REALM * - host/foo@BAR * - pick the first principal in the keytab */ - const char *primary_patterns[] = {"%s$", "*$", "host/%s", "host/*", "host/*", NULL}; - const char *realm_patterns[] = {"%s", "%s", "%s", "%s", NULL, NULL}; + const char *primary_patterns[] = {"%s", "%s$", "*$", "host/%s", "host/*", + "host/*", NULL}; + const char *realm_patterns[] = {"%s", "%s", "%s", "%s", "%s", + NULL, NULL}; DEBUG(5, ("trying to select the most appropriate principal from keytab\n")); tmp_ctx = talloc_new(NULL); |