From 8e28e35b9cf2cc6f1a2b4166b8cc1ae0856578d3 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Fri, 13 Nov 2015 17:54:27 -0500
Subject: Fix acquiring default credentials

In this case we want to prefer sourcing the "acceptor" credentials from
a keytab if available, as that's what applications expect if they have
no credentials.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwoood <rharwood@redhat.com>
---
 proxy/src/gp_creds.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c
index e00f735..e7f2676 100644
--- a/proxy/src/gp_creds.c
+++ b/proxy/src/gp_creds.c
@@ -291,7 +291,9 @@ static int gp_get_cred_environment(struct gp_call_ctx *gpcall,
         }
     } else {
         /* No name provided */
-        if (svc->euid != target_uid) {
+        if (svc->trusted && (svc->euid == target_uid)) {
+            use_service_keytab = true;
+        } else if (svc->euid != target_uid) {
             user_requested = true;
         }
     }
-- 
cgit