author | Jakub Hrozek <jhrozek@redhat.com> | 2010-04-16 17:58:52 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-05-07 17:14:32 -0400 |
commit | 66da80489c0114878043b40592c5f47d41eb0ffd (patch) | |
tree | a69750b3275692fd6dd370da90cce74ad2615e2a /src/providers/krb5 | |
parent | dd025b4cbd501e2f34461f9d8359a829b81f5c2f (diff) | |
Use service discovery in backends
Integrate the failover improvements with our back ends. The DNS domain
used in the SRV query is always the SSSD domain name.
Please note that this patch changes the default value of ldap_uri from
"ldap://localhost" to "NULL" in order to use service discovery with no
server set.
Diffstat (limited to 'src/providers/krb5')
-rw-r--r-- | src/providers/krb5/krb5_common.c | 21 | ||||
-rw-r--r-- | src/providers/krb5/krb5_common.h | 4 | ||||
-rw-r--r-- | src/providers/krb5/krb5_init.c | 8 |
3 files changed, 27 insertions, 6 deletions
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index 1423b089..bc2d3fbc 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -334,6 +334,10 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
 goto done;
 }
+ if (!servers) {
+ servers = BE_SRV_IDENTIFIER;
+ }
+
 ret = split_on_separator(tmp_ctx, servers, ',', true, &list, NULL);
 if (ret != EOK) {
 DEBUG(1, ("Failed to parse server list!\n"));
@@ -344,6 +348,23 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
 talloc_steal(service, list[i]);
 server_spec = talloc_strdup(service, list[i]);
+ if (!server_spec) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ if (be_fo_is_srv_identifier(server_spec)) {
+ ret = be_fo_add_srv_server(ctx, service_name, service_name,
+ FO_PROTO_TCP, ctx->domain->name, NULL);
+ if (ret) {
+ DEBUG(0, ("Failed to add server\n"));
+ goto done;
+ }
+
+ DEBUG(6, ("Added service lookup\n"));
+ continue;
+ }
+
 port_str = strrchr(server_spec, ':');
 if (port_str == NULL) {
 port = 0;
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index 0482ef02..12c487a9 100644
--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
@@ -40,8 +40,8 @@
 #define KDCINFO_TMPL PUBCONF_PATH"/kdcinfo.%s"
 #define KPASSWDINFO_TMPL PUBCONF_PATH"/kpasswdinfo.%s"
-#define SSS_KRB5KDC_FO_SRV "KRB5KDC"
-#define SSS_KRB5KPASSWD_FO_SRV "KRB5KPASSWD"
+#define SSS_KRB5KDC_FO_SRV "KERBEROS"
+#define SSS_KRB5KPASSWD_FO_SRV "KPASSWD"
 enum krb5_opts {
 KRB5_KDC = 0,
diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c
index 0bacb3f8..03d95260 100644
--- a/src/providers/krb5/krb5_init.c
+++ b/src/providers/krb5/krb5_init.c
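Review bot: The new `be_fo_is_srv_identifier()` branch in the second krb5_common.c hunk lets the KDC and kpasswd addresses come from a DNS SRV answer for `ctx->domain->name`, and nothing visible here says what authenticates that answer. Plain DNS replies can be forged, so a host relying on discovery should also verify the TGT it obtains against its own keytab (the `krb5_validate` option of sssd-krb5, if this tree already has it); I would say so in a comment above the branch, e.g. `/* Servers found via SRV are only as trustworthy as DNS; pair with TGT validation */`, and in the option's man page entry. The call also passes `service_name` twice, as failover service name and as SRV label, which appears to be why krb5_common.h changes the constants to "KERBEROS" and "KPASSWD"; a one-line comment on those defines would stop someone from renaming them back. The body of krb5_service_init starts and ends outside the hunk.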
@@ -90,8 +90,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
 krb5_servers = dp_opt_get_string(ctx->opts, KRB5_KDC);
 if (krb5_servers == NULL) {
- DEBUG(0, ("Missing krb5_kdcip option!\n"));
- return EINVAL;
+ DEBUG(1, ("Missing krb5_kdcip option, using service discovery!\n"));
 }
 krb5_realm = dp_opt_get_string(ctx->opts, KRB5_REALM);
@@ -108,8 +107,9 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
 }
 krb5_kpasswd_servers = dp_opt_get_string(ctx->opts, KRB5_KPASSWD);
- if (krb5_kpasswd_servers == NULL) {
- DEBUG(0, ("Missing krb5_kpasswd option, using KDC!\n"));
+ if (krb5_kpasswd_servers == NULL && krb5_servers != NULL) {
+ DEBUG(0, ("Missing krb5_kpasswd option and KDC set explicitly, "
+ "will use KDC for pasword change operations!\n"));
 ctx->kpasswd_service = NULL;
 } else {
 ret = krb5_service_init(ctx, bectx, SSS_KRB5KPASSWD_FO_SRV, |
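Review bot: A missing `krb5_kdcip` used to fail closed with EINVAL and, in the first hunk, now switches to DNS discovery with only a level-1 message. If the deployment runs at debug level 0, a mistyped or dropped option changes where the KDC address comes from without leaving anything in the log. Because this moves trust from a configured address to DNS, I would log it at level 0, `DEBUG(0, ("Missing krb5_kdcip option, using service discovery!\n"));`, which is the level the kpasswd message further down in the same function uses. sssm_krb5_auth_init starts and ends outside the hunk.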
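Review bot: The new log string in the second hunk misspells "password" (`"will use KDC for pasword change operations!\n"`), so a log search for that word will miss the message. The else branch is now also reached with `krb5_kpasswd_servers == NULL` when no KDC is configured either, and it relies on krb5_service_init turning a NULL server list into the SRV identifier, as the krb5_common.c part of this commit does. A short comment before the call, `/* NULL here means: discover kpasswd servers via SRV */`, would make that dependency visible. The krb5_service_init call continues past the end of the hunk.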