-rw-r--r-- | src/providers/krb5/krb5_child.c | 38 |
1 files changed, 18 insertions, 20 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 4626f59f..8f746a8d 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -987,27 +987,25 @@ static krb5_error_code validate_tgt(struct krb5_req *kr)
 goto done;
 }

- /* Try to find and send the PAC to the PAC responder for principals which
- * do not belong to our realm. Failures are not critical. */
- if (kr->upn_from_different_realm) {
- kerr = sss_extract_pac(kr->ctx, validation_ccache, validation_princ,
- kr->creds->client, keytab, &pac_authdata);
- if (kerr != 0) {
- DEBUG(SSSDBG_OP_FAILURE, ("sss_extract_and_send_pac failed, group " \
- "membership for user with principal [%s] " \
- "might not be correct.\n", kr->name));
- kerr = 0;
- goto done;
- }
+ /* Try to find and send the PAC to the PAC responder.
+ * Failures are not critical. */
+ kerr = sss_extract_pac(kr->ctx, validation_ccache, validation_princ,
+ kr->creds->client, keytab, &pac_authdata);
+ if (kerr != 0) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("sss_extract_and_send_pac failed, group " \
+ "membership for user with principal [%s] " \
+ "might not be correct.\n", kr->name));
+ kerr = 0;
+ goto done;
+ }

- kerr = sss_send_pac(pac_authdata);
- krb5_free_authdata(kr->ctx, pac_authdata);
- if (kerr != 0) {
- DEBUG(SSSDBG_OP_FAILURE, ("sss_send_pac failed, group " \
- "membership for user with principal [%s] " \
- "might not be correct.\n", kr->name));
- kerr = 0;
- }
+ kerr = sss_send_pac(pac_authdata);
+ krb5_free_authdata(kr->ctx, pac_authdata);
+ if (kerr != 0) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("sss_send_pac failed, group " \
+ "membership for user with principal [%s] " \
+ "might not be correct.\n", kr->name));
+ kerr = 0;
 }

 done: |
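Review bot: Both failure branches of the now-unconditional PAC block log without the krb5 error code, and the first message still names `sss_extract_and_send_pac` although the call is `sss_extract_pac`. Because this path now runs for every validated TGT and the level drops to SSSDBG_MINOR_FAILURE, a PAC that could not be extracted (which, judging by the keytab argument, may include a failed verification) looks the same in the logs as a ticket that carries no PAC at all. Consider logging the code, e.g. `("sss_extract_pac failed [%d], group " \` with `kerr, kr->name` as arguments, and keeping a more visible level for anything other than an absent PAC. validate_tgt starts and ends outside this hunk, so whether pac_authdata is initialised before the early `goto done` cannot be checked here.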