diff options
| author | Sumit Bose <sbose@redhat.com> | 2013-06-24 21:39:36 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-06-25 14:34:42 +0200 |
| commit | 695cc8754aecb3dcc3a617d86b7d4b6470af175d (patch) | |
| tree | adb80f8bae1c54bf45bdb51dd898ece420452712 /src | |
| parent | fa4a9c4afcc0c62a693034e21f33356e64735687 (diff) | |
| download | sssd-695cc8754aecb3dcc3a617d86b7d4b6470af175d.tar.gz sssd-695cc8754aecb3dcc3a617d86b7d4b6470af175d.tar.xz sssd-695cc8754aecb3dcc3a617d86b7d4b6470af175d.zip | |
krb5: do not use enterprise principals for renewals
When renewing a ticket we already know the canonical principal hence it
is not needed to expand it to an enterprise principal but we can contact
the KDC of the corresponding realm directly.
Diffstat (limited to 'src')
| -rw-r--r-- | src/providers/krb5/krb5_child_handler.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c index 161fa269a..1da7e4f42 100644 --- a/src/providers/krb5/krb5_child_handler.c +++ b/src/providers/krb5/krb5_child_handler.c @@ -148,8 +148,13 @@ static errno_t create_send_buffer(struct krb5child_req *kr, } else { send_pac = 1; } - use_enterprise_principal = dp_opt_get_bool(kr->krb5_ctx->opts, + + if (kr->pd->cmd == SSS_CMD_RENEW) { + use_enterprise_principal = false; + } else { + use_enterprise_principal = dp_opt_get_bool(kr->krb5_ctx->opts, KRB5_USE_ENTERPRISE_PRINCIPAL) ? 1 : 0; + } buf = talloc(kr, struct io_buffer); if (buf == NULL) { |