summaryrefslogtreecommitdiffstats
path: root/src/providers/ipa
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2012-10-19 18:28:41 +0200
committerSumit Bose <sbose@redhat.com>2012-10-26 10:32:05 +0200
commitd29e91321d175dce94d87c23a44ced40d265de2c (patch)
tree66025c86ad9a2ae8a76b37603c6db091aba70d6f /src/providers/ipa
parentd9137b153f1266ee5659405b2d7bc11787dad817 (diff)
downloadsssd-d29e91321d175dce94d87c23a44ced40d265de2c.tar.gz
sssd-d29e91321d175dce94d87c23a44ced40d265de2c.tar.xz
sssd-d29e91321d175dce94d87c23a44ced40d265de2c.zip
krb5_auth_send: check for sub-domains
If there is an authentication request for a user from a sub-domain a temporary sysdb context is generated to allow lookups in the corresponding sub-tree in the cache.
Diffstat (limited to 'src/providers/ipa')
-rw-r--r--src/providers/ipa/ipa_auth.c6
1 files changed, 0 insertions, 6 deletions
diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c
index 2bd313b38..eb62f0295 100644
--- a/src/providers/ipa/ipa_auth.c
+++ b/src/providers/ipa/ipa_auth.c
@@ -210,12 +210,6 @@ void ipa_auth(struct be_req *be_req)
state->pd = pd;
- if (strcasecmp(pd->domain, be_req->be_ctx->domain->name) != 0 &&
- state->pd->cmd != SSS_PAM_ACCT_MGMT) {
- DEBUG(SSSDBG_OP_FAILURE, ("This operation is not allowed for subdomains!\n"));
- goto fail;
- }
-
switch (state->pd->cmd) {
case SSS_PAM_AUTHENTICATE:
state->ipa_auth_ctx = talloc_get_type(