summaryrefslogtreecommitdiffstats
path: root/src/tools/sss_obfuscate
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2012-10-23 21:30:17 +0200
committerSumit Bose <sbose@redhat.com>2012-10-26 10:32:05 +0200
commitd3dca30d3a6feba062d0299718d1a9fcdc8b9d17 (patch)
tree008de45d9668d85600ac2a57ed8bd460ffb95594 /src/tools/sss_obfuscate
parentcac29dc2ece94180de33b52c113865bbab49b252 (diff)
downloadsssd-d3dca30d3a6feba062d0299718d1a9fcdc8b9d17.tar.gz
sssd-d3dca30d3a6feba062d0299718d1a9fcdc8b9d17.tar.xz
sssd-d3dca30d3a6feba062d0299718d1a9fcdc8b9d17.zip
krb5_child: send back the client principal
In general Kerberos is case sensitive but the KDC of Active Directory typically handles request case in-sensitive. In the case where we guess a user principal by combining the user name and the realm and are not sure about the cases of the letters used in the user name we might get a valid ticket from the AD KDC but are not able to access it with the Kerberos client library because we assume a wrong case. The client principal in the returned credentials will always have the right cases. To be able to update the cache user principal name the krb5_child will return the principal for further processing.
Diffstat (limited to 'src/tools/sss_obfuscate')
0 files changed, 0 insertions, 0 deletions