|author||Sumit Bose <email@example.com>||2013-06-05 13:06:08 +0200|
|committer||Jakub Hrozek <firstname.lastname@example.org>||2013-06-06 23:58:57 +0200|
Always send the PAC to the PAC responder
Currently while doing a Kerberos based authentication the PAC was only send to the PAC responder for principals from a different realm. This reflects the FreeIPA use case of users from trusted domains. This restriction does not make sense anymore when the data from the PAC should be used for the AD provider as well. It also makes only limited sense for the IPA use case, because when using GSSAPI the PAC of users from the local IPA domain are already evaluated by the PAC responder.
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions