diff options
Diffstat (limited to 'src/providers/krb5')
-rw-r--r-- | src/providers/krb5/krb5_child_handler.c | 16 | ||||
-rw-r--r-- | src/providers/krb5/krb5_common.h | 8 | ||||
-rw-r--r-- | src/providers/krb5/krb5_init.c | 1 |
3 files changed, 19 insertions, 6 deletions
diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c index 044c2719..8117d1e5 100644 --- a/src/providers/krb5/krb5_child_handler.c +++ b/src/providers/krb5/krb5_child_handler.c @@ -142,11 +142,17 @@ static errno_t create_send_buffer(struct krb5child_req *kr, validate = dp_opt_get_bool(kr->krb5_ctx->opts, KRB5_VALIDATE) ? 1 : 0; - /* Always send PAC except for local IPA users */ - if (kr->krb5_ctx->is_ipa) { - send_pac = kr->upn_from_different_realm ? 1 : 0; - } else { - send_pac = 1; + /* Always send PAC except for local IPA users and IPA server mode */ + switch (kr->krb5_ctx->config_type) { + case K5C_IPA_CLIENT: + send_pac = kr->upn_from_different_realm ? 1 : 0; + break; + case K5C_IPA_SERVER: + send_pac = 0; + break; + default: + send_pac = 1; + break; } if (kr->pd->cmd == SSS_CMD_RENEW) { diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h index 27089ab9..e56bd496 100644 --- a/src/providers/krb5/krb5_common.h +++ b/src/providers/krb5/krb5_common.h @@ -91,6 +91,12 @@ struct deferred_auth_ctx; struct renew_tgt_ctx; struct sss_krb5_cc_be; +enum krb5_config_type { + K5C_GENERIC, + K5C_IPA_CLIENT, + K5C_IPA_SERVER +}; + struct krb5_ctx { /* opts taken from kinit */ /* in seconds */ @@ -130,7 +136,7 @@ struct krb5_ctx { hash_table_t *wait_queue_hash; - bool is_ipa; + enum krb5_config_type config_type; }; struct remove_info_files_ctx { diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c index c6ec496e..91f701a1 100644 --- a/src/providers/krb5/krb5_init.c +++ b/src/providers/krb5/krb5_init.c @@ -98,6 +98,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, ctx->action = INIT_PW; ctx->opts = krb5_options->opts; + ctx->config_type = K5C_GENERIC; krb5_servers = dp_opt_get_string(ctx->opts, KRB5_KDC); krb5_backup_servers = dp_opt_get_string(ctx->opts, KRB5_BACKUP_KDC); |