summaryrefslogtreecommitdiffstats
path: root/src/man/sssd-ldap.5.xml
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2012-11-19 17:36:55 +0100
committerJakub Hrozek <jhrozek@redhat.com>2012-11-19 22:19:29 +0100
commit459f70d567c211f860244f75f2878c3a446c2a38 (patch)
tree732ce79c17d222f9a7851f2a8ceebfd0909ef353 /src/man/sssd-ldap.5.xml
parente0d861963e10c5aba79ad87f8c48b0ce1bec06ca (diff)
downloadsssd-459f70d567c211f860244f75f2878c3a446c2a38.tar.gz
sssd-459f70d567c211f860244f75f2878c3a446c2a38.tar.xz
sssd-459f70d567c211f860244f75f2878c3a446c2a38.zip
LDAP: Checking the principal should not be considered fatal
The check is too restrictive as the select_principal_from_keytab can return something else than user requested right now. Consider that user query for host/myserver@EXAMPLE.COM, then the select_principal_from_keytab function will return "myserver" in primary and "EXAMPLE.COM" in realm. So the caller needs to add logic to also break down the principal to get rid of the host/ part. The heuristics would simply get too complex. select_principal_from_keytab will error out anyway if there's no suitable principal at all.
Diffstat (limited to 'src/man/sssd-ldap.5.xml')
0 files changed, 0 insertions, 0 deletions