On (11/11/14 22:37), Jakub Hrozek wrote:
On Tue, Nov 11, 2014 at 09:11:45PM +0100, Jakub Hrozek wrote:
> On Tue, Nov 11, 2014 at 06:23:24PM +0100, Lukas Slebodnik wrote:
> > On (11/11/14 13:45), Jakub Hrozek wrote:
> > >On Tue, Nov 11, 2014 at 11:15:30AM +0100, Jakub Hrozek wrote:
> > >> Can you give me access to a host that reproduces this crash? ccname
> > >> should never be NULL with the new patches ...
> > >
> > >..except on access_provider=krb5...
> > >
> > >Thanks for catching that, new patches are attached.
> >
> > There is problem with support of enterprise principals.
> > authentication for such users failed.
>
> Thanks a lot for catching that, I had no trouble logging in as a user
> from a child domain, but I could reproduce the issue when I used a
> completely different suffix.
>
> I'll work on a fix.
Thanks again for the catch, can you test this additional fix on top of
your patches? (Sorry for sending a separate patch, I want to get a fresh
look at the set tomorrow, some other krb5_ccache.c functions might get
the same treatment)
From 5d95f998643d875bcea149dde5e7a16aa42063b4 Mon Sep 17 00:00:00
2001
From: Jakub Hrozek <jhrozek(a)redhat.com>
Date: Tue, 11 Nov 2014 22:33:28 +0100
Subject: [PATCH] sss_krb5_check_ccache_princ fix
---
krb5 + ad tests passed with this patch.
LS