diff options
author | Simo Sorce <simo@redhat.com> | 2015-11-13 17:54:27 -0500 |
---|---|---|
committer | Robbie Harwood <rharwood@redhat.com> | 2015-12-01 17:46:00 -0500 |
commit | 8e28e35b9cf2cc6f1a2b4166b8cc1ae0856578d3 (patch) | |
tree | 4214bf6c8fd86f6df096ee6dfc80cd5de7764957 /proxy | |
parent | 84fcb276d2253f34e5d50a87e42e34c1fd918a55 (diff) | |
download | gss-proxy-8e28e35b9cf2cc6f1a2b4166b8cc1ae0856578d3.tar.gz gss-proxy-8e28e35b9cf2cc6f1a2b4166b8cc1ae0856578d3.tar.xz gss-proxy-8e28e35b9cf2cc6f1a2b4166b8cc1ae0856578d3.zip |
Fix acquiring default credentials
In this case we want to prefer sourcing the "acceptor" credentials from
a keytab if available, as that's what applications expect if they have
no credentials.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwoood <rharwood@redhat.com>
Diffstat (limited to 'proxy')
-rw-r--r-- | proxy/src/gp_creds.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c index e00f735..e7f2676 100644 --- a/proxy/src/gp_creds.c +++ b/proxy/src/gp_creds.c @@ -291,7 +291,9 @@ static int gp_get_cred_environment(struct gp_call_ctx *gpcall, } } else { /* No name provided */ - if (svc->euid != target_uid) { + if (svc->trusted && (svc->euid == target_uid)) { + use_service_keytab = true; + } else if (svc->euid != target_uid) { user_requested = true; } } |