diff options
author | Sumit Bose <sbose@redhat.com> | 2012-10-23 21:30:17 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-05 00:14:05 +0100 |
commit | ef3053bd244cb3b104b608b338c764c6a2e34f29 (patch) | |
tree | 6e3405f1da00c2f632a7433c0c606ad3c28ad0c0 /src/providers/krb5/krb5_auth.h | |
parent | b3ea76f3c6d32b4fbf29caa2f4f6ec4138da5be1 (diff) | |
download | sssd-ef3053bd244cb3b104b608b338c764c6a2e34f29.tar.gz sssd-ef3053bd244cb3b104b608b338c764c6a2e34f29.tar.xz sssd-ef3053bd244cb3b104b608b338c764c6a2e34f29.zip |
krb5_child: send back the client principal
In general Kerberos is case sensitive but the KDC of Active Directory
typically handles request case in-sensitive. In the case where we guess
a user principal by combining the user name and the realm and are not
sure about the cases of the letters used in the user name we might get a
valid ticket from the AD KDC but are not able to access it with the
Kerberos client library because we assume a wrong case.
The client principal in the returned credentials will always have the
right cases. To be able to update the cache user principal name the
krb5_child will return the principal for further processing.
Diffstat (limited to 'src/providers/krb5/krb5_auth.h')
-rw-r--r-- | src/providers/krb5/krb5_auth.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_auth.h b/src/providers/krb5/krb5_auth.h index a23b8b47d..bf49f7cfd 100644 --- a/src/providers/krb5/krb5_auth.h +++ b/src/providers/krb5/krb5_auth.h @@ -80,6 +80,7 @@ struct krb5_child_response { int32_t msg_status; struct tgt_times tgtt; char *ccname; + char *correct_upn; }; errno_t |