mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
UPN_DNS_INFO structure contains the client's user principal name (UPN) and a fully qualified domain name. It is used to provide the UPN and the FQDN that corresponds to the client of the ticket. The structure is defined in MS-PAC section 2.10.

MS-KILE specification says in the section 3.3.5.6.4.5 that KDCs should return this buffer. It further clarifies in section 3.3.5.2 that if the user account object has no userPrincipalName attribute, UPN_DNS_INFO should be constructed by concatenating user name, the "@" symbol, and the DNS name of the domain.

IPA users don't really have userPrincipalName attribute. Instead, we always construct their account names in LOGON Info3 structure by unparsing the canonical principal name without realm, meaning that user principal can be recovered by concatenating the account name and the realm (domain).

Unless the account name and unparsed client principal name are different or the primary Info3 gid (group RID) is the one for machine accounts, mark the UPN as constructed.

Related: https://pagure.io/freeipa/issue/8319

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Isaac Boukris <iboukris@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>

||
---|---|---|
.. | ||
dnssec | ||
ipa-kdb | ||
ipa-otpd | ||
ipa-sam | ||
ipa-slapi-plugins | ||
ipa-version.h.in | ||
Makefile.am |