diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-19 17:36:55 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-19 22:25:40 +0100 |
commit | 83e75fcfff170ba7b991a58284b0ef71a3f0f36d (patch) | |
tree | 9d4c5ecd6c48c1dbc00d12f61c63c42ca737398d /scripts | |
parent | 9f4df8c7dd337659772ee8c062c490ea473c471d (diff) | |
download | sssd-83e75fcfff170ba7b991a58284b0ef71a3f0f36d.tar.gz sssd-83e75fcfff170ba7b991a58284b0ef71a3f0f36d.tar.xz sssd-83e75fcfff170ba7b991a58284b0ef71a3f0f36d.zip |
LDAP: Checking the principal should not be considered fatal
The check is too restrictive as the select_principal_from_keytab can
return something else than user requested right now.
Consider that user query for host/myserver@EXAMPLE.COM, then the
select_principal_from_keytab function will return "myserver" in primary and
"EXAMPLE.COM" in realm. So the caller needs to add logic to also break
down the principal to get rid of the host/ part. The heuristics would
simply get too complex.
select_principal_from_keytab will error out anyway if there's no
suitable principal at all.
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions