diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2015-01-20 18:06:49 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-01-21 11:33:06 +0100 |
commit | 8e650486102cb0c60f54e43acecacffdf3858ada (patch) | |
tree | 0dcd87c213bbb381d412c862e29e574e7a1298db /src/providers/ipa/ipa_s2n_exop.c | |
parent | ac9d460c61bf3bdb3aed5d96541d7e5baf8d9648 (diff) | |
download | sssd-8e650486102cb0c60f54e43acecacffdf3858ada.tar.gz sssd-8e650486102cb0c60f54e43acecacffdf3858ada.tar.xz sssd-8e650486102cb0c60f54e43acecacffdf3858ada.zip |
Open the PAC socket from krb5_child before dropping root
The PAC responder by default allows only connections from the root user.
This patch opens the socket to the PAC responder before the krb5_child
drops privileges so the connection seemingly comes from root.
https://fedorahosted.org/sssd/ticket/2559
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 858e750c3d4fe54e50616a1ed1e101469503c070)
Diffstat (limited to 'src/providers/ipa/ipa_s2n_exop.c')
0 files changed, 0 insertions, 0 deletions