diff options
| author | Simo Sorce <simo@redhat.com> | 2013-11-16 18:54:28 -0500 |
|---|---|---|
| committer | Günther Deschner <gdeschner@redhat.com> | 2013-11-20 15:50:12 +0100 |
| commit | a272091dfd568cb96738cc96ea01bbf7f24ee62c (patch) | |
| tree | 38561f380034c812959e5211ed3f4e24d0280b51 | |
| parent | 1d78d1af3da7eeb15aa1f054b740f31a12f48f31 (diff) | |
| download | gss-proxy-a272091dfd568cb96738cc96ea01bbf7f24ee62c.tar.gz gss-proxy-a272091dfd568cb96738cc96ea01bbf7f24ee62c.tar.xz gss-proxy-a272091dfd568cb96738cc96ea01bbf7f24ee62c.zip | |
creds: Allow admins to define only client creds
When a service is configured with cred_usage = initiate it is
ok to allow only client credentials to be defined.
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
| -rw-r--r-- | proxy/src/gp_creds.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c index 60c4e12..1ac1fac 100644 --- a/proxy/src/gp_creds.c +++ b/proxy/src/gp_creds.c @@ -376,7 +376,12 @@ static int gp_get_cred_environment(struct gp_call_ctx *gpcall, * if any. */ if (use_service_keytab) { if (k_num == -1) { - ret = EINVAL; + if (ck_num == -1) { + ret = EINVAL; + } else { + /* allow a service to define only the client keytab */ + ret = 0; + } goto done; } if (ck_num == -1) { |