diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2017-03-22 13:01:18 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-03-30 14:10:16 +0200 |
commit | 861ab44e8148208425b67c4711bc8fade10fd3ed (patch) | |
tree | b761acab71367242011f426f486f64188eb8fdb4 /configure.ac | |
parent | 3e39806177e1cd383743ff596cb96df44a6ce8c9 (diff) | |
download | sssd-861ab44e8148208425b67c4711bc8fade10fd3ed.tar.gz sssd-861ab44e8148208425b67c4711bc8fade10fd3ed.tar.xz sssd-861ab44e8148208425b67c4711bc8fade10fd3ed.zip |
KRB5: Authenticate users in a non-POSIX domain using a MEMORY ccache
Related to:
https://pagure.io/SSSD/sssd/issue/3310
The following changes were done to the Kerberos authentication code
in order to support authentication in a non-POSIX environment:
- delayed authentication is disabled in non-POSIX domains
- when a user logs in in a non-POSIX domain, SSSD uses a
MEMORY:$username ccache and destroys is then krb5_child finishes
so that just the numeric result is used
- krb5_child doesn't drop privileges in this configuration because
there is nothing to drop privileges to
Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'configure.ac')
0 files changed, 0 insertions, 0 deletions