From c4675579b4f42c1e05de7ae5741c5cd941039822 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 22 Jan 2013 14:45:14 +1100 Subject: [PATCH] gensec: Allow login without a PAC by default The sense of this test was inverted. We only want to take the ACCESS_DENIED error if gensec:require_pac=true. Andrew Bartlett --- auth/gensec/gensec_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth/gensec/gensec_util.c b/auth/gensec/gensec_util.c index d732213..64952b1 100644 --- a/auth/gensec/gensec_util.c +++ b/auth/gensec/gensec_util.c @@ -42,7 +42,7 @@ NTSTATUS gensec_generate_session_info_pac(TALLOC_CTX *mem_ctx, session_info_flags |= AUTH_SESSION_INFO_DEFAULT_GROUPS; if (!pac_blob) { - if (!gensec_setting_bool(gensec_security->settings, "gensec", "require_pac", false)) { + if (gensec_setting_bool(gensec_security->settings, "gensec", "require_pac", false)) { DEBUG(1, ("Unable to find PAC in ticket from %s, failing to allow access\n", principal_string)); return NT_STATUS_ACCESS_DENIED; -- 1.7.11.7