CyberNinjas / pam_aad

Azure Active Directory PAM Module
GNU General Public License v3.0
54 stars 19 forks source link

Always allow access if group_id is an empty string #61

Open georgestagg opened 4 years ago

georgestagg commented 4 years ago

This change makes it so that the group membership check is skipped if group_id is empty.

The reasoning is that if our azure app is not authorised to read group membership with /checkMemberGroups, then this is a way to make pam_aad not worry about it, rather than error. (And group based access can be enforced with other PAM modules, if required.)