From 97ad669a7ab6e34d0c9f9e9d6cdac9444f86ba12 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Mon, 17 Dec 2012 22:08:59 +0100 Subject: [PATCH 1/2] select_principal_from_keytab() look for plain input as well Currently in select_principal_from_keytab() all kind of different versions of the host principal are looked up in the keytab except for the plain name the ldap_sasl_authid option. With this patch the plain name is looked up first. --- src/util/sss_krb5.c | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c index 3837457..0eb032a 100644 --- a/src/util/sss_krb5.c +++ b/src/util/sss_krb5.c @@ -49,14 +49,18 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx, /** * Priority of lookup: + * - our.hostname@REALM or host/our.hostname@REALM depending on the input + * - our.hostname$@REALM (AD domain) * - foobar$@REALM (AD domain) * - host/our.hostname@REALM * - host/foobar@REALM * - host/foo@BAR * - pick the first principal in the keytab */ - const char *primary_patterns[] = {"%s$", "*$", "host/%s", "host/*", "host/*", NULL}; - const char *realm_patterns[] = {"%s", "%s", "%s", "%s", NULL, NULL}; + const char *primary_patterns[] = {"%s", "%s$", "*$", "host/%s", "host/*", + "host/*", NULL}; + const char *realm_patterns[] = {"%s", "%s", "%s", "%s", "%s", + NULL, NULL}; DEBUG(5, ("trying to select the most appropriate principal from keytab\n")); tmp_ctx = talloc_new(NULL); -- 1.7.7.6
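Review bot: The `primary_patterns` and `realm_patterns` initialisers are coupled only by index, and now that each wraps across two lines after the new leading `"%s"` entry, it is hard to check by eye that entry i of one still pairs with entry i of the other. This table decides which keytab principal is selected, so a slip in either list would silently pair a primary pattern with the wrong realm pattern, possibly the `NULL` one, which judging by the `host/foo@BAR` comment line accepts any realm. I would add a comment above them such as `/* realm_patterns[i] belongs to primary_patterns[i]; keep both lists the same length */`, or align the two initialisers so each pair sits in one column. The priority comment could also state that the new first entry is the input string used unmodified, since "depending on the input" does not tell a reader which pattern produces it. The function body continues outside the hunk, so the loop that consumes both arrays is not visible here.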