diff options
author | Sumit Bose <sbose@redhat.com> | 2012-10-19 18:28:41 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-05 00:14:05 +0100 |
commit | f301ab3bd5959a796f2e88aa29fe40471a800e78 (patch) | |
tree | bc3018b82374ed1fea2fbc3f076bf4971b7e1285 /src/providers/ipa | |
parent | dcc133e6357e321d101cf39a2999901e33ae988e (diff) | |
download | sssd-f301ab3bd5959a796f2e88aa29fe40471a800e78.tar.gz sssd-f301ab3bd5959a796f2e88aa29fe40471a800e78.tar.xz sssd-f301ab3bd5959a796f2e88aa29fe40471a800e78.zip |
krb5_auth_send: check for sub-domains
If there is an authentication request for a user from a sub-domain a
temporary sysdb context is generated to allow lookups in the
corresponding sub-tree in the cache.
Diffstat (limited to 'src/providers/ipa')
-rw-r--r-- | src/providers/ipa/ipa_auth.c | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c index 2bd313b38..eb62f0295 100644 --- a/src/providers/ipa/ipa_auth.c +++ b/src/providers/ipa/ipa_auth.c @@ -210,12 +210,6 @@ void ipa_auth(struct be_req *be_req) state->pd = pd; - if (strcasecmp(pd->domain, be_req->be_ctx->domain->name) != 0 && - state->pd->cmd != SSS_PAM_ACCT_MGMT) { - DEBUG(SSSDBG_OP_FAILURE, ("This operation is not allowed for subdomains!\n")); - goto fail; - } - switch (state->pd->cmd) { case SSS_PAM_AUTHENTICATE: state->ipa_auth_ctx = talloc_get_type( |