| commit | b547a8dd3af0ab489ea2163ab986a7dde8b1d771 | |
| author | Christof Schmitt <christof.schmitt@us.ibm.com> | |
| Wed, 18 Jul 2012 21:38:47 +0000 (18 14:38 -0700) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Mon, 5 Nov 2012 10:20:46 +0000 (5 11:20 +0100) | ||
| tree | 69efac155801b9eaa031a39a5c16a3f3065ff2bf | treesnapshot (tar.gz zip) |
| parent | 57907a6e9b3eb8793ba9cd215574fcddff529f14 | commitdiff |
winbind: Extend wbcAuthenticateUserEx to provide PAC
With this new interface, external applications that have authenticated
to an ADS can pass the PAC from the Kerberos ticket to
wbcAuthenticateUserEx. winbindd decodes and extracts the info3
information for the external application. If winbindd can verify the PAC
signature, the info3 from the PACis also added to the netsamlogon_cache.
The info3 data can be used by the external application to get the uid
and primary gid. The data in netsamlogon_cache allows to retrieve the
complete group list through the NSS function getgrouplist.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1bc2f28b9420829645ed571daf2a17e6688b2103)
With this new interface, external applications that have authenticated
to an ADS can pass the PAC from the Kerberos ticket to
wbcAuthenticateUserEx. winbindd decodes and extracts the info3
information for the external application. If winbindd can verify the PAC
signature, the info3 from the PACis also added to the netsamlogon_cache.
The info3 data can be used by the external application to get the uid
and primary gid. The data in netsamlogon_cache allows to retrieve the
complete group list through the NSS function getgrouplist.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1bc2f28b9420829645ed571daf2a17e6688b2103)