diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-19 19:15:52 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-11-05 20:16:17 +0100 |
commit | 954637494fc8453f71e2b5d93b3d1ea97e31d646 (patch) | |
tree | 3f17ef5590e9af0395c8edc051edd55188319ae9 /Makefile.am | |
parent | 9524f859a730ef39852ecbba5638f26ab677cdd7 (diff) | |
download | sssd-954637494fc8453f71e2b5d93b3d1ea97e31d646.tar.gz sssd-954637494fc8453f71e2b5d93b3d1ea97e31d646.tar.xz sssd-954637494fc8453f71e2b5d93b3d1ea97e31d646.zip |
LDAP: Drop privileges after kinit in ldap_child
After ldap_child initializes privileges using root-owned keytab, it
drops privileges to the SSSD user, minimizing the amount of code that
runs as root.
Reviewed-by: Michal Židek <mzidek@redhat.com>
Diffstat (limited to 'Makefile.am')
-rw-r--r-- | Makefile.am | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/Makefile.am b/Makefile.am index 02b087ea3..ea296c40f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2517,7 +2517,9 @@ ldap_child_SOURCES = \ src/util/atomic_io.c \ src/util/authtok.c \ src/util/util.c \ - src/util/signal.c + src/util/signal.c \ + src/util/become_user.c \ + $(NULL) ldap_child_CFLAGS = \ $(AM_CFLAGS) \ $(POPT_CFLAGS) \ |