diff options
Diffstat (limited to 'source4/heimdal/kdc')
-rw-r--r-- | source4/heimdal/kdc/default_config.c | 44 |
1 files changed, 25 insertions, 19 deletions
diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c index 118bdf97aa..f745183e51 100644 --- a/source4/heimdal/kdc/default_config.c +++ b/source4/heimdal/kdc/default_config.c @@ -258,37 +258,43 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) 0, "kdc", "pkinit_dh_min_bits", NULL); + *config = c; + return 0; +} + +krb5_error_code +krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config) +{ +#ifdef PKINIT #ifdef __APPLE__ - c->enable_pkinit = 1; + config->enable_pkinit = 1; - if (c->pkinit_kdc_identity == NULL) { - if (c->pkinit_kdc_friendly_name == NULL) - c->pkinit_kdc_friendly_name = + if (config->pkinit_kdc_identity == NULL) { + if (config->pkinit_kdc_friendly_name == NULL) + config->pkinit_kdc_friendly_name = strdup("O=System Identity,CN=com.apple.kerberos.kdc"); - c->pkinit_kdc_identity = strdup("KEYCHAIN:"); + config->pkinit_kdc_identity = strdup("KEYCHAIN:"); } - if (c->pkinit_kdc_anchors == NULL) - c->pkinit_kdc_anchors = strdup("KEYCHAIN:"); + if (config->pkinit_kdc_anchors == NULL) + config->pkinit_kdc_anchors = strdup("KEYCHAIN:"); -#endif +#endif /* __APPLE__ */ - if (c->enable_pkinit) { - if (c->pkinit_kdc_identity == NULL) + if (config->enable_pkinit) { + if (config->pkinit_kdc_identity == NULL) krb5_errx(context, 1, "pkinit enabled but no identity"); - if (c->pkinit_kdc_anchors == NULL) + if (config->pkinit_kdc_anchors == NULL) krb5_errx(context, 1, "pkinit enabled but no X509 anchors"); - krb5_kdc_pk_initialize(context, c, - c->pkinit_kdc_identity, - c->pkinit_kdc_anchors, - c->pkinit_kdc_cert_pool, - c->pkinit_kdc_revoke); + krb5_kdc_pk_initialize(context, config, + config->pkinit_kdc_identity, + config->pkinit_kdc_anchors, + config->pkinit_kdc_cert_pool, + config->pkinit_kdc_revoke); } - *config = c; - - return 0; +#endif /* PKINIT */ } |