From d29e91321d175dce94d87c23a44ced40d265de2c Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 19 Oct 2012 18:28:41 +0200
Subject: krb5_auth_send: check for sub-domains

If there is an authentication request for a user from a sub-domain a
temporary sysdb context is generated to allow lookups in the
corresponding sub-tree in the cache.
---
 src/providers/ipa/ipa_auth.c | 6 ------
 1 file changed, 6 deletions(-)

(limited to 'src/providers/ipa/ipa_auth.c')

diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c
index 2bd313b38..eb62f0295 100644
--- a/src/providers/ipa/ipa_auth.c
+++ b/src/providers/ipa/ipa_auth.c
@@ -210,12 +210,6 @@ void ipa_auth(struct be_req *be_req)
 
     state->pd = pd;
 
-    if (strcasecmp(pd->domain, be_req->be_ctx->domain->name) != 0 &&
-        state->pd->cmd != SSS_PAM_ACCT_MGMT) {
-        DEBUG(SSSDBG_OP_FAILURE, ("This operation is not allowed for subdomains!\n"));
-        goto fail;
-    }
-
     switch (state->pd->cmd) {
         case SSS_PAM_AUTHENTICATE:
             state->ipa_auth_ctx = talloc_get_type(
-- 
cgit