diff options
author | Simo Sorce <simo@redhat.com> | 2013-11-16 18:54:28 -0500 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2013-11-16 18:54:28 -0500 |
commit | 9824bec3a9fc14a527a4febd60a730f6deee0918 (patch) | |
tree | 3a44c46a549e94b2562a66c4157c1050d5280cc5 | |
parent | 5f6b2d295cc2542429f4e1b7144eb947681f64ca (diff) | |
download | gss-proxy-9824bec3a9fc14a527a4febd60a730f6deee0918.tar.gz gss-proxy-9824bec3a9fc14a527a4febd60a730f6deee0918.tar.xz gss-proxy-9824bec3a9fc14a527a4febd60a730f6deee0918.zip |
creds: Allow admins to define only client creds
When a service is configured with cred_usage = initiate it is
ok to allow only client credentials to be defined.
-rw-r--r-- | proxy/src/gp_creds.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c index e02a667..e1c71fe 100644 --- a/proxy/src/gp_creds.c +++ b/proxy/src/gp_creds.c @@ -371,7 +371,12 @@ static int gp_get_cred_environment(struct gp_call_ctx *gpcall, * if any. */ if (use_service_keytab) { if (k_num == -1) { - ret = EINVAL; + if (ck_num == -1) { + ret = EINVAL; + } else { + /* allow a service to define only the client keytab */ + ret = 0; + } goto done; } if (ck_num == -1) { |