summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2013-09-20 12:34:52 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-09-23 17:00:40 +0200
commitb9dadaa81c2d08fc6857442d557a145c45a93b52 (patch)
tree1a9164d6a76be5b1b46dcb1ab06784e1101d09f3
parent764aa04ee92dbbd0d1eca6703294135eb97fda6d (diff)
downloadsssd-b9dadaa81c2d08fc6857442d557a145c45a93b52.tar.gz
sssd-b9dadaa81c2d08fc6857442d557a145c45a93b52.tar.bz2
sssd-b9dadaa81c2d08fc6857442d557a145c45a93b52.zip
krb5: do not expand enterprise principals is offline
Expanding a principle to an enterprise principal only makes sense if there is a KDC available which can process it. If we are offline the plain principal should be used, e.g. to create an expired ccache. Fixes https://fedorahosted.org/sssd/ticket/2060
-rw-r--r--src/providers/krb5/krb5_child_handler.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c
index aa72c07c..92dec0d2 100644
--- a/src/providers/krb5/krb5_child_handler.c
+++ b/src/providers/krb5/krb5_child_handler.c
@@ -155,7 +155,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr,
break;
}
- if (kr->pd->cmd == SSS_CMD_RENEW) {
+ if (kr->pd->cmd == SSS_CMD_RENEW || kr->is_offline) {
use_enterprise_principal = false;
} else {
use_enterprise_principal = dp_opt_get_bool(kr->krb5_ctx->opts,