From d3dca30d3a6feba062d0299718d1a9fcdc8b9d17 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Tue, 23 Oct 2012 21:30:17 +0200 Subject: krb5_child: send back the client principal In general Kerberos is case sensitive but the KDC of Active Directory typically handles request case in-sensitive. In the case where we guess a user principal by combining the user name and the realm and are not sure about the cases of the letters used in the user name we might get a valid ticket from the AD KDC but are not able to access it with the Kerberos client library because we assume a wrong case. The client principal in the returned credentials will always have the right cases. To be able to update the cache user principal name the krb5_child will return the principal for further processing. --- src/providers/krb5/krb5_auth.h | 1 + 1 file changed, 1 insertion(+) (limited to 'src/providers/krb5/krb5_auth.h') diff --git a/src/providers/krb5/krb5_auth.h b/src/providers/krb5/krb5_auth.h index a23b8b47..bf49f7cf 100644 --- a/src/providers/krb5/krb5_auth.h +++ b/src/providers/krb5/krb5_auth.h @@ -80,6 +80,7 @@ struct krb5_child_response { int32_t msg_status; struct tgt_times tgtt; char *ccname; + char *correct_upn; }; errno_t -- cgit