diff options
| author | Volker Lendecke <vl@samba.org> | 2009-08-26 14:56:41 +0200 |
|---|---|---|
| committer | Volker Lendecke <vl@samba.org> | 2009-08-26 15:28:06 +0200 |
| commit | b824b1b7bf19b4b8c64b7c2c5a6a1d3287820088 (patch) | |
| tree | d82e327e9134f2bbac5e3f4881be3906f9fe74be /source3/param | |
| parent | da99e3a724b493ba47a06d0704b891819ad16647 (diff) | |
| download | samba-b824b1b7bf19b4b8c64b7c2c5a6a1d3287820088.tar.gz samba-b824b1b7bf19b4b8c64b7c2c5a6a1d3287820088.tar.bz2 samba-b824b1b7bf19b4b8c64b7c2c5a6a1d3287820088.zip | |
Add a parameter to disable the automatic creation of krb5.conf files
This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of
transitive AD trusts. The workaround is to add a [capaths] directive to
/etc/krb5.conf, which we don't automatically put into the krb5.conf winbind
creates.
The alternative would have been something like a "krb5 conf include", but I
think if someone has to mess with /etc/krb5.conf at this level, it should be
easy to add the site-local KDCs as well.
Next alternative is to correctly figure out the [capaths] parameter for all
trusted domains, but for that I don't have the time right now. Sorry :-)
Diffstat (limited to 'source3/param')
| -rw-r--r-- | source3/param/loadparm.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 35984716a2..c91f67656b 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -199,6 +199,7 @@ struct global { bool bWinbindOfflineLogon; bool bWinbindNormalizeNames; bool bWinbindRpcOnly; + bool bCreateKrb5Conf; char *szIdmapBackend; char *szIdmapAllocBackend; char *szAddShareCommand; @@ -4588,6 +4589,15 @@ static struct parm_struct parm_table[] = { .enum_list = NULL, .flags = FLAG_ADVANCED, }, + { + .label = "create krb5 conf", + .type = P_BOOL, + .p_class = P_GLOBAL, + .ptr = &Globals.bCreateKrb5Conf, + .special = NULL, + .enum_list = NULL, + .flags = FLAG_ADVANCED, + }, {NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0} }; @@ -5005,6 +5015,7 @@ static void init_globals(bool first_time_only) #endif Globals.bUnixExtensions = True; Globals.bResetOnZeroVC = False; + Globals.bCreateKrb5Conf = true; /* hostname lookups can be very expensive and are broken on a large number of sites (tridge) */ @@ -5359,6 +5370,7 @@ FN_GLOBAL_BOOL(lp_winbind_refresh_tickets, &Globals.bWinbindRefreshTickets) FN_GLOBAL_BOOL(lp_winbind_offline_logon, &Globals.bWinbindOfflineLogon) FN_GLOBAL_BOOL(lp_winbind_normalize_names, &Globals.bWinbindNormalizeNames) FN_GLOBAL_BOOL(lp_winbind_rpc_only, &Globals.bWinbindRpcOnly) +FN_GLOBAL_BOOL(lp_create_krb5_conf, &Globals.bCreateKrb5Conf) FN_GLOBAL_CONST_STRING(lp_idmap_backend, &Globals.szIdmapBackend) FN_GLOBAL_STRING(lp_idmap_alloc_backend, &Globals.szIdmapAllocBackend) |