diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2013-07-19 08:36:28 +0300 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-07-23 14:18:03 +0200 |
commit | 48657b5de36a63b0c13ed5d53065871d59d8f10b (patch) | |
tree | 61403ad977c2a0f73e1a776170fce867468a142d /src/providers/krb5/krb5_common.h | |
parent | 1b3144586978c47506eaa39db505e6231e3b0c0a (diff) | |
download | sssd-48657b5de36a63b0c13ed5d53065871d59d8f10b.tar.gz sssd-48657b5de36a63b0c13ed5d53065871d59d8f10b.tar.xz sssd-48657b5de36a63b0c13ed5d53065871d59d8f10b.zip |
KRB5: Do not send PAC in server mode
The krb5 child contacts the PAC responder for any user except for the
IPA native users if the PAC is configured. This works fine for the
general case but the ipa_server_mode is a special one. The PAC responder
is there, but since in the server mode we should be operating as AD
provider default, the PAC shouldn't be analyzed either in this case.
Diffstat (limited to 'src/providers/krb5/krb5_common.h')
-rw-r--r-- | src/providers/krb5/krb5_common.h | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h index 27089ab96..e56bd496e 100644 --- a/src/providers/krb5/krb5_common.h +++ b/src/providers/krb5/krb5_common.h @@ -91,6 +91,12 @@ struct deferred_auth_ctx; struct renew_tgt_ctx; struct sss_krb5_cc_be; +enum krb5_config_type { + K5C_GENERIC, + K5C_IPA_CLIENT, + K5C_IPA_SERVER +}; + struct krb5_ctx { /* opts taken from kinit */ /* in seconds */ @@ -130,7 +136,7 @@ struct krb5_ctx { hash_table_t *wait_queue_hash; - bool is_ipa; + enum krb5_config_type config_type; }; struct remove_info_files_ctx { |