From fa4a9c4afcc0c62a693034e21f33356e64735687 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Mon, 24 Jun 2013 20:59:53 +0200 Subject: krb5: do not send pac for IPA users from the local domain So far we didn't send the PAC of IPA users to the PAC responder during password authentication because group memberships for IPA users can be retrieved efficiently with LDAP calls. Recently patches added PAC support for the AD provider as well and removed the restriction for the IPA users. This patch restores the original behaviour by introducing a new flag in struct krb5_ctx which is only set for the IPA provider. Additionally a different flag is renamed to make it's purpose more clear. Fixes https://fedorahosted.org/sssd/ticket/1995 --- src/providers/krb5/krb5_common.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/providers/krb5/krb5_common.h') diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h index eb563888c..501cdef10 100644 --- a/src/providers/krb5/krb5_common.h +++ b/src/providers/krb5/krb5_common.h @@ -129,6 +129,8 @@ struct krb5_ctx { bool use_fast; hash_table_t *wait_queue_hash; + + bool is_ipa; }; struct remove_info_files_ctx { -- cgit