diff options
| author | Stef Walter <stefw@gnome.org> | 2012-04-11 12:12:57 +0200 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-05-22 09:13:17 -0400 |
| commit | e413168d70c3ac08dc367d9889076e3f32701221 (patch) | |
| tree | 5b835b57558cec852bf875a41b7d884040638f53 /src/providers/ldap/ldap_child.c | |
| parent | 6da9b3bcbee97fbfdb02c652ddcd0ab048224997 (diff) | |
| download | sssd-e413168d70c3ac08dc367d9889076e3f32701221.tar.gz sssd-e413168d70c3ac08dc367d9889076e3f32701221.tar.xz sssd-e413168d70c3ac08dc367d9889076e3f32701221.zip | |
If canon'ing principals, write ccache with updated default principal
* When calling krb5_get_init_creds_keytab() with
krb5_get_init_creds_opt_set_canonicalize() the credential
principal can get updated.
* Create the cache file with the correct default credential.
* LDAP GSSAPI SASL would fail due to the mismatched credentials
before this patch.
https://bugzilla.redhat.com/show_bug.cgi?id=811518
Diffstat (limited to 'src/providers/ldap/ldap_child.c')
| -rw-r--r-- | src/providers/ldap/ldap_child.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c index 0679dbfdf..00c447489 100644 --- a/src/providers/ldap/ldap_child.c +++ b/src/providers/ldap/ldap_child.c @@ -300,7 +300,8 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, goto done; } - krberr = krb5_cc_initialize(context, ccache, kprinc); + /* Use updated principal if changed due to canonicalization. */ + krberr = krb5_cc_initialize(context, ccache, my_creds.client); if (krberr) { DEBUG(2, ("Failed to init ccache: %s\n", sss_krb5_get_error_message(context, krberr))); |