| commit | 825f569922577b347e852c439560deee98b829ba | |
| author | Stefan Becker <chemobejk@gmail.com> | |
| Sun, 24 Feb 2013 13:52:22 +0000 (24 15:52 +0200) | ||
| committer | Stefan Becker <chemobejk@gmail.com> | |
| Sun, 24 Feb 2013 13:52:22 +0000 (24 15:52 +0200) | ||
| tree | 85b92e925978754681b32e527b07e1a9b4ee455e | treesnapshot (tar.gz zip) |
| parent | 2c6a6130e34a5845ccf64c334172a111bb03799d | commitdiff |
security: remove domain extraction from Kerberos
This only affects non Single Sign-On setups.
The code was assuming that user name can contain DOMAIN/ or DOMAIN\
which was probably a leftover from way back. But nowadays the core
receives domain and login name separately from the backend.
Simplify the code to this:
- login name = user@domain -> use "DOMAIN" as realm
- domain not NULL -> use "DOMAIN" as realm
- use empty string as realm
This only affects non Single Sign-On setups.
The code was assuming that user name can contain DOMAIN/ or DOMAIN\
which was probably a leftover from way back. But nowadays the core
receives domain and login name separately from the backend.
Simplify the code to this:
- login name = user@domain -> use "DOMAIN" as realm
- domain not NULL -> use "DOMAIN" as realm
- use empty string as realm
| src/core/sip-sec-krb5.c | diffblobblamehistory |