diff options
author | Sumit Bose <sbose@redhat.com> | 2013-09-20 12:34:52 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-09-23 17:01:55 +0200 |
commit | 3be9a74d0acd35430c060322903c29efc3fef9fe (patch) | |
tree | 2efff9f036a83278ad348e134348157862832d0f /src/providers/krb5/krb5_child_handler.c | |
parent | 6a9ef2c0105d316a1286c92073511ff95301c39f (diff) | |
download | sssd-3be9a74d0acd35430c060322903c29efc3fef9fe.tar.gz sssd-3be9a74d0acd35430c060322903c29efc3fef9fe.tar.xz sssd-3be9a74d0acd35430c060322903c29efc3fef9fe.zip |
krb5: do not expand enterprise principals is offline
Expanding a principle to an enterprise principal only makes sense if
there is a KDC available which can process it. If we are offline the
plain principal should be used, e.g. to create an expired ccache.
Fixes https://fedorahosted.org/sssd/ticket/2060
Diffstat (limited to 'src/providers/krb5/krb5_child_handler.c')
-rw-r--r-- | src/providers/krb5/krb5_child_handler.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c index aa72c07ce..92dec0d2a 100644 --- a/src/providers/krb5/krb5_child_handler.c +++ b/src/providers/krb5/krb5_child_handler.c @@ -155,7 +155,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr, break; } - if (kr->pd->cmd == SSS_CMD_RENEW) { + if (kr->pd->cmd == SSS_CMD_RENEW || kr->is_offline) { use_enterprise_principal = false; } else { use_enterprise_principal = dp_opt_get_bool(kr->krb5_ctx->opts, |