Hi,
attached is a small patch I prepared when testing the PAC responder patches. In my case, the user was a member of a well-known SID S-1-18-1 which didn't resolve into a domain and all his groups were skipped. I think we should just skip the offending SID and carry on.
On Mon, Aug 26, 2013 at 10:19:25AM +0200, Jakub Hrozek wrote:
Hi,
attached is a small patch I prepared when testing the PAC responder patches. In my case, the user was a member of a well-known SID S-1-18-1 which didn't resolve into a domain and all his groups were skipped. I think we should just skip the offending SID and carry on.
ACK
bye, Sumit
On Mon, Aug 26, 2013 at 11:17:20AM +0200, Sumit Bose wrote:
On Mon, Aug 26, 2013 at 10:19:25AM +0200, Jakub Hrozek wrote:
Hi,
attached is a small patch I prepared when testing the PAC responder patches. In my case, the user was a member of a well-known SID S-1-18-1 which didn't resolve into a domain and all his groups were skipped. I think we should just skip the offending SID and carry on.
ACK
bye, Sumit
Thanks for the review. btw it seems that this SID is not part of tokenGroups (which makes sense given that it's authentication related) so we don't have to amend the check for builtin groups we currently have.
On Mon, Aug 26, 2013 at 11:31:06AM +0200, Jakub Hrozek wrote:
On Mon, Aug 26, 2013 at 11:17:20AM +0200, Sumit Bose wrote:
On Mon, Aug 26, 2013 at 10:19:25AM +0200, Jakub Hrozek wrote:
Hi,
attached is a small patch I prepared when testing the PAC responder patches. In my case, the user was a member of a well-known SID S-1-18-1 which didn't resolve into a domain and all his groups were skipped. I think we should just skip the offending SID and carry on.
ACK
bye, Sumit
Thanks for the review. btw it seems that this SID is not part of tokenGroups (which makes sense given that it's authentication related) so we don't have to amend the check for builtin groups we currently have.
Pushed to master.
sssd-devel@lists.fedorahosted.org
-
Jakub Hrozek -
Sumit Bose