From b9dadaa81c2d08fc6857442d557a145c45a93b52 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Fri, 20 Sep 2013 12:34:52 +0200 Subject: krb5: do not expand enterprise principals is offline Expanding a principle to an enterprise principal only makes sense if there is a KDC available which can process it. If we are offline the plain principal should be used, e.g. to create an expired ccache. Fixes https://fedorahosted.org/sssd/ticket/2060 --- src/providers/krb5/krb5_child_handler.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c index aa72c07c..92dec0d2 100644 --- a/src/providers/krb5/krb5_child_handler.c +++ b/src/providers/krb5/krb5_child_handler.c @@ -155,7 +155,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr, break; } - if (kr->pd->cmd == SSS_CMD_RENEW) { + if (kr->pd->cmd == SSS_CMD_RENEW || kr->is_offline) { use_enterprise_principal = false; } else { use_enterprise_principal = dp_opt_get_bool(kr->krb5_ctx->opts, -- cgit