summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/providers/krb5/krb5_child.c38
1 files changed, 18 insertions, 20 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 4626f59f..8f746a8d 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -987,27 +987,25 @@ static krb5_error_code validate_tgt(struct krb5_req *kr)
goto done;
}
- /* Try to find and send the PAC to the PAC responder for principals which
- * do not belong to our realm. Failures are not critical. */
- if (kr->upn_from_different_realm) {
- kerr = sss_extract_pac(kr->ctx, validation_ccache, validation_princ,
- kr->creds->client, keytab, &pac_authdata);
- if (kerr != 0) {
- DEBUG(SSSDBG_OP_FAILURE, ("sss_extract_and_send_pac failed, group " \
- "membership for user with principal [%s] " \
- "might not be correct.\n", kr->name));
- kerr = 0;
- goto done;
- }
+ /* Try to find and send the PAC to the PAC responder.
+ * Failures are not critical. */
+ kerr = sss_extract_pac(kr->ctx, validation_ccache, validation_princ,
+ kr->creds->client, keytab, &pac_authdata);
+ if (kerr != 0) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("sss_extract_and_send_pac failed, group " \
+ "membership for user with principal [%s] " \
+ "might not be correct.\n", kr->name));
+ kerr = 0;
+ goto done;
+ }
- kerr = sss_send_pac(pac_authdata);
- krb5_free_authdata(kr->ctx, pac_authdata);
- if (kerr != 0) {
- DEBUG(SSSDBG_OP_FAILURE, ("sss_send_pac failed, group " \
- "membership for user with principal [%s] " \
- "might not be correct.\n", kr->name));
- kerr = 0;
- }
+ kerr = sss_send_pac(pac_authdata);
+ krb5_free_authdata(kr->ctx, pac_authdata);
+ if (kerr != 0) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("sss_send_pac failed, group " \
+ "membership for user with principal [%s] " \
+ "might not be correct.\n", kr->name));
+ kerr = 0;
}
done: