From a272091dfd568cb96738cc96ea01bbf7f24ee62c Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Sat, 16 Nov 2013 18:54:28 -0500
Subject: creds: Allow admins to define only client creds
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When a service is configured with cred_usage = initiate it is
ok to allow only client credentials to be defined.

Reviewed-by: Günther Deschner <gdeschner@redhat.com>
---
 proxy/src/gp_creds.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c
index 60c4e12..1ac1fac 100644
--- a/proxy/src/gp_creds.c
+++ b/proxy/src/gp_creds.c
@@ -376,7 +376,12 @@ static int gp_get_cred_environment(struct gp_call_ctx *gpcall,
      * if any. */
     if (use_service_keytab) {
         if (k_num == -1) {
-            ret = EINVAL;
+            if (ck_num == -1) {
+                ret = EINVAL;
+            } else {
+                /* allow a service to define only the client keytab */
+                ret = 0;
+            }
             goto done;
         }
         if (ck_num == -1) {
-- 
cgit