31 lines
1020 B
Diff
31 lines
1020 B
Diff
From 93a5264dd68da57e172af50020f670631eeef263 Mon Sep 17 00:00:00 2001
|
|
From: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
Date: Tue, 23 Nov 2021 20:15:41 +1300
|
|
Subject: [PATCH 41/99] kdc: Always add the PAC if the header TGT is from an
|
|
RODC
|
|
|
|
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit 690a00a40c0a3f77da6e4dca42b630f2793a98b8)
|
|
Conflict: remove selftest/knownfail_heimdal_kdc
|
|
---
|
|
source4/kdc/wdc-samba4.c | 2 +-
|
|
2 files changed, 1 insertion(+), 2 deletions(-)
|
|
|
|
diff --git a/source4/kdc/wdc-samba4.c b/source4/kdc/wdc-samba4.c
|
|
index ecd182702c3..8c3ce71529c 100644
|
|
--- a/source4/kdc/wdc-samba4.c
|
|
+++ b/source4/kdc/wdc-samba4.c
|
|
@@ -471,7 +471,7 @@ static krb5_error_code samba_wdc_reget_pac2(krb5_context context,
|
|
goto out;
|
|
}
|
|
|
|
- if (!server_skdc_entry->is_krbtgt) {
|
|
+ if (!is_untrusted && !server_skdc_entry->is_krbtgt) {
|
|
/*
|
|
* The client may have requested no PAC when obtaining the
|
|
* TGT.
|
|
--
|
|
2.25.1
|
|
|