From 55e93cf1cf4d61c6de7975cbdc97a723545586c0 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 8 Jun 2022 10:11:15 +0200
Subject: [PATCH] pac: relax default for pac_check option
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

PAC might not be always present, especially in IPA environments. So the
default of pac_check should not contain 'pac_present'.

Resolves: https://github.com/SSSD/sssd/issues/5868

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
 src/confdb/confdb.h     | 2 +-
 src/man/sssd.conf.5.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index d9fe571ded2d4ed19fe8e18466eab81b81148844..83f6be7f9a142464d63c06bc6d8828ffffa9625b 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -181,7 +181,7 @@
 #define CONFDB_PAC_LIFETIME "pac_lifetime"
 #define CONFDB_PAC_CHECK "pac_check"
 #define CONFDB_PAC_CHECK_DEFAULT "no_check"
-#define CONFDB_PAC_CHECK_IPA_AD_DEFAULT "pac_present, check_upn, check_upn_dns_info_ex"
+#define CONFDB_PAC_CHECK_IPA_AD_DEFAULT "check_upn, check_upn_dns_info_ex"

 /* InfoPipe */
 #define CONFDB_IFP_CONF_ENTRY "config/ifp"
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 70544742740946f3e0ba1568d34e8bdebface072..e921ba575c2f2f69d9d7abe0211f80b44dca9cf4 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -2298,7 +2298,7 @@ pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit
                         </para>
                         <para>
                             Default: no_check (AD and IPA provider
-                            'pac_present, check_upn, check_upn_dns_info_ex')
+                            'check_upn, check_upn_dns_info_ex')
                         </para>
                     </listitem>
                 </varlistentry>
--
2.34.3