IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipa-kdb: when processing transitions, hand over unknown ones to KDC

Browse Source 
When processing cross-realm trust transitions, let the KDC to handle
those we don't know about. Admins might define the transitions as
explicit [capaths] in krb5.conf.

https://fedorahosted.org/freeipa/ticket/4791

Reviewed-By: Sumit Bose <sbose@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
This commit is contained in:
Alexander Bokovoy 2014-12-05 21:22:23 +02:00 committed by Martin Kosek
parent 6162426999
commit 0d3b4cd3ec
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
daemons/ipa-kdb/ipa_kdb_mspac.c
View File

@ -2685,7 +2685,8 @@ krb5_error_code ipadb_check_transited_realms(krb5_context kcontext,
} }
} }
ret = KRB5KRB_AP_ERR_ILL_CR_TKT; /* Tell to KDC that we don't handle this transition so that rules in krb5.conf could play its role */
ret = KRB5_PLUGIN_NO_HANDLE;
if (has_client_realm && has_transited_contents && has_server_realm) { if (has_client_realm && has_transited_contents && has_server_realm) {
ret = 0; ret = 0;
} }