diff options
Diffstat (limited to 'src/providers/krb5/krb5_child_handler.c')
-rw-r--r-- | src/providers/krb5/krb5_child_handler.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c index 292ba00b..161fa269 100644 --- a/src/providers/krb5/krb5_child_handler.c +++ b/src/providers/krb5/krb5_child_handler.c @@ -129,7 +129,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr, size_t rp; const char *keytab; uint32_t validate; - uint32_t different_realm; + uint32_t send_pac; uint32_t use_enterprise_principal; size_t username_len = 0; errno_t ret; @@ -141,7 +141,13 @@ static errno_t create_send_buffer(struct krb5child_req *kr, } validate = dp_opt_get_bool(kr->krb5_ctx->opts, KRB5_VALIDATE) ? 1 : 0; - different_realm = kr->upn_from_different_realm ? 1 : 0; + + /* Always send PAC except for local IPA users */ + if (kr->krb5_ctx->is_ipa) { + send_pac = kr->upn_from_different_realm ? 1 : 0; + } else { + send_pac = 1; + } use_enterprise_principal = dp_opt_get_bool(kr->krb5_ctx->opts, KRB5_USE_ENTERPRISE_PRINCIPAL) ? 1 : 0; @@ -184,7 +190,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr, SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->gid, &rp); SAFEALIGN_COPY_UINT32(&buf->data[rp], &validate, &rp); SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->is_offline, &rp); - SAFEALIGN_COPY_UINT32(&buf->data[rp], &different_realm, &rp); + SAFEALIGN_COPY_UINT32(&buf->data[rp], &send_pac, &rp); SAFEALIGN_COPY_UINT32(&buf->data[rp], &use_enterprise_principal, &rp); SAFEALIGN_SET_UINT32(&buf->data[rp], strlen(kr->upn), &rp); |