[Freeipa-devel] [PATCH] 490 Fix s4u2proxy handling when a MS-PAC is available
Simo Sorce
simo at redhat.com
Tue Apr 3 13:29:59 UTC 2012
On Wed, 2012-03-28 at 11:36 +0200, Sumit Bose wrote:
> On Tue, Mar 27, 2012 at 03:17:06PM -0400, Simo Sorce wrote:
> > This patch fixes #2504, the logic to choose the client principal to use
> > was basically reversed, and we ended up using the wrong principal to
> > verify the PAC owner.
> >
> > This patch fixes it. Tested and s4u2proxy keeps working both with and
> > without a PAC attached.
> >
> > It also keeps working with normal TGS requests of course.
>
> ACK, '--delegate' is not neede anymore.
Pushed to master.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list