[Freeipa-devel] [PATCH] 490 Fix s4u2proxy handling when a MS-PAC is available
Sumit Bose
sbose at redhat.com
Wed Mar 28 09:36:27 UTC 2012
On Tue, Mar 27, 2012 at 03:17:06PM -0400, Simo Sorce wrote:
> This patch fixes #2504, the logic to choose the client principal to use
> was basically reversed, and we ended up using the wrong principal to
> verify the PAC owner.
>
> This patch fixes it. Tested and s4u2proxy keeps working both with and
> without a PAC attached.
>
> It also keeps working with normal TGS requests of course.
ACK, '--delegate' is not neede anymore.
bye,
Sumit
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list