From 83f24636ef8d3d2b9c5be46272781ed5e0497ca7 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 18 Oct 2012 16:14:40 +0200
Subject: krb5_auth: check if principal belongs to a different realm

Add a flag if the principal used for authentication does not belong
to our realm. This can be used to act differently for users from other
realms.
---
 src/providers/krb5/krb5_common.h | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/providers/krb5/krb5_common.h')

diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index 51bd26773..bc63bf983 100644
--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
@@ -177,6 +177,10 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm);
 errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
                             const char *username, const char **_upn);
 
+errno_t compare_principal_realm(const char *upn, const char *realm,
+                                bool *different_realm);
+
+
 int sssm_krb5_auth_init(struct be_ctx *bectx,
                         struct bet_ops **ops,
                         void **pvt_auth_data);
-- 
cgit