diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2007-01-24 02:48:40 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:44:18 -0500 |
| commit | d5bbd817fe83aed1ee48ed4f478f3887c059f7b9 (patch) | |
| tree | f4373e5c069d1b6f1cbc489d3e5addc8dd8e6a19 /source4/kdc | |
| parent | 14503a65ec81ae15a05633b0aea6e62e35b021f3 (diff) | |
| download | samba-d5bbd817fe83aed1ee48ed4f478f3887c059f7b9.tar.gz samba-d5bbd817fe83aed1ee48ed4f478f3887c059f7b9.tar.bz2 samba-d5bbd817fe83aed1ee48ed4f478f3887c059f7b9.zip | |
r20988: Call out to Heimdal's krb5.conf processing to configure many aspects
of KDC behaviour. This should allow PKINIT to be turned on and
managed with reasonable sanity.
This also means that the krb5.conf in the same directory as the
smb.conf will always have priority in Samba4, which I think will be
useful.
Andrew Bartlett
(This used to be commit a50bbde81b010bc5d06e3fc3417ade44627eb771)
Diffstat (limited to 'source4/kdc')
| -rw-r--r-- | source4/kdc/kdc.c | 41 |
1 files changed, 19 insertions, 22 deletions
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index 64911a0988..1cb9ed1981 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c @@ -580,17 +580,6 @@ static void kdc_task_init(struct task_server *task) kdc->task = task; - /* Setup the KDC configuration */ - kdc->config = talloc(kdc, krb5_kdc_configuration); - if (!kdc->config) { - task_server_terminate(task, "kdc: out of memory"); - return; - } - krb5_kdc_default_config(kdc->config); - - kdc->config->enable_pkinit = lp_parm_bool(-1, "kdc", "pkinit", True); - kdc->config->enable_pkinit_princ_in_cert = lp_parm_bool(-1, "kdc", "pkinit_princ_in_cert", True); - initialize_krb5_error_table(); ret = smb_krb5_init_context(kdc, &kdc->smb_krb5_context); @@ -603,6 +592,23 @@ static void kdc_task_init(struct task_server *task) krb5_add_et_list(kdc->smb_krb5_context->krb5_context, initialize_hdb_error_table_r); + /* Registar WinDC hooks */ + ret = _krb5_plugin_register(kdc->smb_krb5_context->krb5_context, + PLUGIN_TYPE_DATA, "windc", + &windc_plugin_table); + if(ret) { + task_server_terminate(task, "kdc: failed to register hdb keytab"); + return; + } + + /* Setup the KDC configuration */ + kdc->config = talloc(kdc, krb5_kdc_configuration); + if (!kdc->config) { + task_server_terminate(task, "kdc: out of memory"); + return; + } + krb5_kdc_default_config(kdc->config); + kdc->config->logf = kdc->smb_krb5_context->logf; kdc->config->db = talloc(kdc->config, struct HDB *); if (!kdc->config->db) { @@ -624,18 +630,9 @@ static void kdc_task_init(struct task_server *task) return; } - kdc_mem_ctx = kdc->smb_krb5_context; - - /* Registar WinDC hooks */ - ret = _krb5_plugin_register(kdc->smb_krb5_context->krb5_context, - PLUGIN_TYPE_DATA, "windc", - &windc_plugin_table); - if(ret) { - task_server_terminate(task, "kdc: failed to register hdb keytab"); - return; - } + krb5_kdc_configure(kdc->smb_krb5_context->krb5_context, kdc->config); - _kdc_windc_init(kdc->smb_krb5_context->krb5_context); + kdc_mem_ctx = kdc->smb_krb5_context; /* start listening on the configured network interfaces */ status = kdc_startup_interfaces(kdc); |