krb5_child: send back the client principal

In general Kerberos is case sensitive but the KDC of Active Directory typically handles request case in-sensitive. In the case where we guess a user principal by combining the user name and the realm and are not sure about the cases of the letters used in the user name we might get a valid ticket from the AD KDC but are not able to access it with the Kerberos client library because we assume a wrong case. The client principal in the returned credentials will always have the right cases. To be able to update the cache user principal name the krb5_child will return the principal for further processing.
author: Sumit Bose <sbose@redhat.com> 2012-10-23 21:30:17 +0200
committer: Sumit Bose <sbose@redhat.com> 2012-10-26 10:32:05 +0200
commit: d3dca30d3a6feba062d0299718d1a9fcdc8b9d17 (patch)
tree: 008de45d9668d85600ac2a57ed8bd460ffb95594 /src/providers/krb5/krb5_auth.h
parent: cac29dc2ece94180de33b52c113865bbab49b252 (diff)
download: sssd-d3dca30d3a6feba062d0299718d1a9fcdc8b9d17.tar.gz
sssd-d3dca30d3a6feba062d0299718d1a9fcdc8b9d17.tar.bz2
sssd-d3dca30d3a6feba062d0299718d1a9fcdc8b9d17.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_auth.h b/src/providers/krb5/krb5_auth.h
index a23b8b47..bf49f7cf 100644
--- a/src/providers/krb5/krb5_auth.h
+++ b/src/providers/krb5/krb5_auth.h
@@ -80,6 +80,7 @@ struct krb5_child_response {
     int32_t msg_status;
     struct tgt_times tgtt;
     char *ccname;
+    char *correct_upn;
 };
 
 errno_t
author	Sumit Bose <sbose@redhat.com>	2012-10-23 21:30:17 +0200
committer	Sumit Bose <sbose@redhat.com>	2012-10-26 10:32:05 +0200
commit	d3dca30d3a6feba062d0299718d1a9fcdc8b9d17 (patch)
tree	008de45d9668d85600ac2a57ed8bd460ffb95594 /src/providers/krb5/krb5_auth.h
parent	cac29dc2ece94180de33b52c113865bbab49b252 (diff)
download	sssd-d3dca30d3a6feba062d0299718d1a9fcdc8b9d17.tar.gz sssd-d3dca30d3a6feba062d0299718d1a9fcdc8b9d17.tar.bz2 sssd-d3dca30d3a6feba062d0299718d1a9fcdc8b9d17.zip