krb5: add krb5_fast_use_anonymous_pkinit option #5962
Please take a look at my comments
if (kerr != 0) { | ||
DEBUG(SSSDBG_CRIT_FAILURE, | ||
"Failed to get FAST credential with anonymous PKINIT.\n"); | ||
} |
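Review bot: the if (kerr != 0) branch only logs at SSSDBG_CRIT_FAILURE and then falls through, so a failed anonymous PKINIT attempt does not stop the code that follows from running without a FAST credential. Return or otherwise propagate kerr right after the DEBUG call, or add a comment explaining why continuing is safe here.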
I'm not sure here - is it OK to continue in case of error?
DEBUG(SSSDBG_CRIT_FAILURE, | ||
"Failed to get FAST credential with anonymous PKINIT.\n"); | ||
} | ||
kerr = switch_creds(NULL, fast_uid, fast_gid, 0, NULL, &saved_creds); |
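Review bot: on the last line, kerr = switch_creds(...) overwrites the error code from the anonymous PKINIT attempt, which the block above only logged, so that failure can never reach the caller. Handle the earlier kerr before reassigning it, and make sure the value returned by switch_creds is itself checked before the restored credentials are relied on.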
kerr is assigned but not evaluated
14d146c to 267e75a
Hi, thanks for the review, the latest version should fix your comments. bye,
Make the code more flexible to add another method to get FAST credentials.
Resolves: SSSD#5961

Add anonymous PKINIT as an alternative method to get FAST credentials.
Resolves: SSSD#5961

With the new option krb5_fast_use_anonymous_pkinit SSSD can be told to use
anonymous PKINIT to get FAST credential
:relnote: Add support for anonymous PKINIT to get FAST credentials
Resolves: SSSD#5961
267e75a to d451a35
Thank you for the update. LGTM, ACK