author | Jakub Hrozek <jhrozek@redhat.com> | 2013-06-07 11:28:35 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-06-10 21:03:01 +0200 |
commit | 14452cd066b51e32ca0ebad6c45ae909a1debe57 (patch) | |
tree | 5c89a40d71008b0b2853b831d937a995e4a424ef /src/providers/krb5/krb5_common.c | |
parent | 7b5e7e539ae9312ab55d75aa94feaad549b2a708 (diff) | |
A new option krb5_use_kdcinfo
https://fedorahosted.org/sssd/ticket/1883
The patch introduces a new Kerberos provider option called
krb5_use_kdcinfo. The option is true by default in all providers. When
set to false, SSSD will not create the krb5 info files that the locator
plugin consumes, and the user has to set up the Kerberos options
manually in krb5.conf.
Diffstat (limited to 'src/providers/krb5/krb5_common.c')
-rw-r--r-- | src/providers/krb5/krb5_common.c | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index e60e6e0e..9db14b8a 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -452,18 +452,20 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
 return;
 }

- safe_address = talloc_asprintf_append(safe_address, ":%d",
- fo_get_server_port(server));
- if (safe_address == NULL) {
- DEBUG(1, ("talloc_asprintf_append failed.\n"));
- talloc_free(tmp_ctx);
- return;
- }
+ if (krb5_service->write_kdcinfo) {
+ safe_address = talloc_asprintf_append(safe_address, ":%d",
+ fo_get_server_port(server));
+ if (safe_address == NULL) {
+ DEBUG(1, ("talloc_asprintf_append failed.\n"));
+ talloc_free(tmp_ctx);
+ return;
+ }

- ret = write_krb5info_file(krb5_service->realm, safe_address,
- krb5_service->name);
- if (ret != EOK) {
- DEBUG(2, ("write_krb5info_file failed, authentication might fail.\n"));
+ ret = write_krb5info_file(krb5_service->realm, safe_address,
+ krb5_service->name);
+ if (ret != EOK) {
+ DEBUG(2, ("write_krb5info_file failed, authentication might fail.\n"));
+ }
 }

 talloc_free(tmp_ctx);
@@ -620,7 +622,9 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
 const char *service_name,
 const char *primary_servers,
 const char *backup_servers,
- const char *realm, struct krb5_service **_service)
+ const char *realm,
+ bool use_kdcinfo,
+ struct krb5_service **_service)
 {
 TALLOC_CTX *tmp_ctx;
 struct krb5_service *service;
@@ -655,6 +659,8 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
 goto done;
 }

+ service->write_kdcinfo = use_kdcinfo;
+
 if (!primary_servers) {
 DEBUG(SSSDBG_CONF_SETTINGS,
 ("No primary servers defined, using service discovery\n")); |
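Review bot: With `krb5_service->write_kdcinfo` false, krb5_resolve_callback skips the kdcinfo write without logging anything, and it leaves alone any kdcinfo file written by an earlier run that had the option enabled. If nothing outside this hunk removes such a file, the locator plugin could presumably keep supplying a stale KDC address while the administrator believes krb5.conf is authoritative; the cleanup path is not visible here and should be checked. I would add an `else` branch with a trace message, e.g. `DEBUG(SSSDBG_TRACE_FUNC, ("krb5_use_kdcinfo is false, not writing kdcinfo for realm %s\n", krb5_service->realm));`, so the skipped write shows up when debugging authentication failures. The function starts and ends outside the hunk.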
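Review bot: The new `bool use_kdcinfo` parameter of krb5_service_init is stored as `service->write_kdcinfo` (the assignment in the third hunk) and read under that name in krb5_resolve_callback, so one setting has two names in this file on top of the option name krb5_use_kdcinfo. Using one name throughout, or a comment at the assignment such as `/* krb5_use_kdcinfo: when false the resolve callback writes no kdcinfo file for the locator plugin */`, would make the link obvious. The parameter is also undocumented and is a bare positional bool, so each call site should pass the configured option value rather than a literal. Those callers are outside this diffstat-limited view, and the function body continues beyond both hunks.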