authorSumit Bose <sbose@redhat.com>2013-06-24 21:39:36 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-06-25 14:34:42 +0200
commit695cc8754aecb3dcc3a617d86b7d4b6470af175d (patch)
treeadb80f8bae1c54bf45bdb51dd898ece420452712 /src/providers/krb5/krb5_child_handler.c
parentfa4a9c4afcc0c62a693034e21f33356e64735687 (diff)
krb5: do not use enterprise principals for renewals
When renewing a ticket we already know the canonical principal, so it does not need to be expanded to an enterprise principal; instead we can contact the KDC of the corresponding realm directly.
Diffstat (limited to 'src/providers/krb5/krb5_child_handler.c')
-rw-r--r--src/providers/krb5/krb5_child_handler.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c
index 161fa269..1da7e4f4 100644
--- a/src/providers/krb5/krb5_child_handler.c
+++ b/src/providers/krb5/krb5_child_handler.c
@@ -148,8 +148,13 @@ static errno_t create_send_buffer(struct krb5child_req *kr,
} else {
send_pac = 1;
}
- use_enterprise_principal = dp_opt_get_bool(kr->krb5_ctx->opts,
+
+ if (kr->pd->cmd == SSS_CMD_RENEW) {
+ use_enterprise_principal = false;
+ } else {
+ use_enterprise_principal = dp_opt_get_bool(kr->krb5_ctx->opts,
KRB5_USE_ENTERPRISE_PRINCIPAL) ? 1 : 0;
+ }
buf = talloc(kr, struct io_buffer);
if (buf == NULL) {