diff options
author | Sumit Bose <sbose@redhat.com> | 2012-10-23 21:30:17 +0200 |
---|---|---|
committer | Sumit Bose <sbose@redhat.com> | 2012-10-26 10:32:05 +0200 |
commit | d3dca30d3a6feba062d0299718d1a9fcdc8b9d17 (patch) | |
tree | 008de45d9668d85600ac2a57ed8bd460ffb95594 /src/providers/data_provider.h | |
parent | cac29dc2ece94180de33b52c113865bbab49b252 (diff) | |
download | sssd-d3dca30d3a6feba062d0299718d1a9fcdc8b9d17.tar.gz sssd-d3dca30d3a6feba062d0299718d1a9fcdc8b9d17.tar.xz sssd-d3dca30d3a6feba062d0299718d1a9fcdc8b9d17.zip |
krb5_child: send back the client principal
In general Kerberos is case sensitive but the KDC of Active Directory
typically handles request case in-sensitive. In the case where we guess
a user principal by combining the user name and the realm and are not
sure about the cases of the letters used in the user name we might get a
valid ticket from the AD KDC but are not able to access it with the
Kerberos client library because we assume a wrong case.
The client principal in the returned credentials will always have the
right cases. To be able to update the cache user principal name the
krb5_child will return the principal for further processing.
Diffstat (limited to 'src/providers/data_provider.h')
-rw-r--r-- | src/providers/data_provider.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h index b783081bc..d49fcd524 100644 --- a/src/providers/data_provider.h +++ b/src/providers/data_provider.h @@ -195,6 +195,7 @@ struct pam_data { #define SSS_PROXY_INFO 0x10000000 #define SSS_KRB5_INFO_TGT_LIFETIME (SSS_SERVER_INFO|SSS_KRB5_INFO|0x01) +#define SSS_KRB5_INFO_UPN (SSS_SERVER_INFO|SSS_KRB5_INFO|0x02) errno_t copy_pam_data(TALLOC_CTX *mem_ctx, struct pam_data *old_pd, struct pam_data **new_pd); |