As the server authentication policy will be non-NULL only for entries
looked up as servers, the krbtgt shouldn’t have an authentication policy
anyway. But we might as well be explicit.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Enforce the AllowedToAuthenticateTo part of an authentication policy,
* if one is present.
*/
- if (authn_policy_restrictions_present(server->server_policy)) {
+ if (!is_tgs && authn_policy_restrictions_present(server->server_policy)) {
const struct samba_kdc_entry *auth_entry = NULL;
struct auth_user_info_dc *auth_user_info_dc = NULL;