diff options
author | Sumit Bose <sbose@redhat.com> | 2013-05-28 18:32:32 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-05-31 16:16:13 +0200 |
commit | 99b2ad71169aa02846f7843d26cbe28e1e1c81fe (patch) | |
tree | b370ea651ab545624045a8fe64d00b00d251ffbc /src/providers/krb5 | |
parent | 577ba99b3150404533bd3d859522a2c994b17e76 (diff) | |
download | sssd-99b2ad71169aa02846f7843d26cbe28e1e1c81fe.tar.gz sssd-99b2ad71169aa02846f7843d26cbe28e1e1c81fe.tar.xz sssd-99b2ad71169aa02846f7843d26cbe28e1e1c81fe.zip |
Set canonicalize flag if enterprise principals are used
In contrast to MIT KDCs AD does not automatically canonicalize the
enterprise principal in an AS request but requires the canonicalize
flags to be set. To be on the safe side we always enable
canonicalization if enterprise principals are used.
Diffstat (limited to 'src/providers/krb5')
-rw-r--r-- | src/providers/krb5/krb5_common.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c index c6865c099..940cc3731 100644 --- a/src/providers/krb5/krb5_common.c +++ b/src/providers/krb5/krb5_common.c @@ -155,7 +155,12 @@ errno_t check_and_export_options(struct dp_option *opts, } } - if (dp_opt_get_bool(opts, KRB5_CANONICALIZE)) { + /* In contrast to MIT KDCs AD does not automatically canonicalize the + * enterprise principal in an AS request but requires the canonicalize + * flags to be set. To be on the safe side we always enable + * canonicalization if enterprise principals are used. */ + if (dp_opt_get_bool(opts, KRB5_CANONICALIZE) + || dp_opt_get_bool(opts, KRB5_USE_ENTERPRISE_PRINCIPAL)) { ret = setenv(SSSD_KRB5_CANONICALIZE, "true", 1); } else { ret = setenv(SSSD_KRB5_CANONICALIZE, "false", 1); |