diff options
| author | Sumit Bose <sbose@redhat.com> | 2010-04-19 11:59:09 +0200 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-05-26 15:14:40 -0400 |
| commit | 02e38eae1b9cb5df2036a707dafd86f6047c17de (patch) | |
| tree | 970b10c1df9bfe101a3d84ec1ff87dedd5364186 /src/config | |
| parent | 06c03627c81a5252420931383a68eb67ba551667 (diff) | |
| download | sssd-02e38eae1b9cb5df2036a707dafd86f6047c17de.tar.gz sssd-02e38eae1b9cb5df2036a707dafd86f6047c17de.tar.bz2 sssd-02e38eae1b9cb5df2036a707dafd86f6047c17de.zip | |
Add support for delayed kinit if offline
If the configuration option krb5_store_password_if_offline is set to
true and the backend is offline the plain text user password is stored
and used to request a TGT if the backend becomes online. If available
the Linux kernel key retention service is used.
Diffstat (limited to 'src/config')
| -rw-r--r-- | src/config/SSSDConfig.py | 1 | ||||
| -rwxr-xr-x | src/config/SSSDConfigTest.py | 3 | ||||
| -rw-r--r-- | src/config/etc/sssd.api.d/sssd-krb5.conf | 1 |
3 files changed, 5 insertions, 0 deletions
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py index 9e178f11..6b759d83 100644 --- a/src/config/SSSDConfig.py +++ b/src/config/SSSDConfig.py @@ -100,6 +100,7 @@ option_strings = { 'krb5_ccname_template' : _("Location of the user's credential cache"), 'krb5_keytab' : _("Location of the keytab to validate credentials"), 'krb5_validate' : _("Enable credential validation"), + 'krb5_store_password_if_offline' : _("Store password if offline for later online authentication"), # [provider/krb5/chpass] 'krb5_changepw_principal' : _('The principal of the change password service'), diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index 32bb7123..61c2f949 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -548,6 +548,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'krb5_ccname_template', 'krb5_keytab', 'krb5_validate', + 'krb5_store_password_if_offline', 'krb5_auth_timeout']) options = domain.list_options() @@ -719,6 +720,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'krb5_ccname_template', 'krb5_keytab', 'krb5_validate', + 'krb5_store_password_if_offline', 'krb5_auth_timeout'] self.assertTrue(type(options) == dict, @@ -865,6 +867,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'krb5_ccname_template', 'krb5_keytab', 'krb5_validate', + 'krb5_store_password_if_offline', 'krb5_auth_timeout']) options = domain.list_options() diff --git a/src/config/etc/sssd.api.d/sssd-krb5.conf b/src/config/etc/sssd.api.d/sssd-krb5.conf index a9c8230b..eeb8fe13 100644 --- a/src/config/etc/sssd.api.d/sssd-krb5.conf +++ b/src/config/etc/sssd.api.d/sssd-krb5.conf @@ -9,6 +9,7 @@ krb5_ccachedir = str, None, false krb5_ccname_template = str, None, false krb5_keytab = str, None, false krb5_validate = bool, None, false +krb5_store_password_if_offline = bool, None, false [provider/krb5/chpass] krb5_changepw_principal = str, None, false |