authorSumit Bose <sbose@redhat.com>2013-06-17 12:33:05 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-06-17 20:01:31 +0200
commit1b224723e8db9699835ad58d6f589328f928e14e (patch)
tree00a51263a9752bad7d6212ba4fc801c71ee009d7 /src/providers/krb5
parent95332f72acf87e04be6fb70c5dc00cabd14ac97c (diff)
Set default realm for enterprise principals
Enterprise principals require that a default realm is available. To make SSSD more robust in the case that the default realm option is missing in krb5.conf or to allow SSSD to work with multiple unconnected realms (e.g. AD domains without trust between them) the default realm will be set explicitly. Fixes https://fedorahosted.org/sssd/ticket/1931
Diffstat (limited to 'src/providers/krb5')
-rw-r--r--src/providers/krb5/krb5_child.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index ac9a905f..e9fbfbea 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -1943,6 +1943,18 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline)
}
}
+ /* Enterprise principals require that a default realm is available. To
+ * make SSSD more robust in the case that the default realm option is
+ * missing in krb5.conf or to allow SSSD to work with multiple unconnected
+ * realms (e.g. AD domains without trust between them) the default realm
+ * will be set explicitly. */
+ if (kr->use_enterprise_princ) {
+ kerr = krb5_set_default_realm(kr->ctx, kr->realm);
+ if (kerr != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_set_default_realm failed.\n"));
+ }
+ }
+
parse_flags = kr->use_enterprise_princ ? KRB5_PRINCIPAL_PARSE_ENTERPRISE : 0;
kerr = sss_krb5_parse_name_flags(kr->ctx, kr->upn, parse_flags, &kr->princ);
if (kerr != 0) {
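Review bot: A failure of `krb5_set_default_realm` is only logged in the added block, and `kerr` is overwritten by the `sss_krb5_parse_name_flags` call two lines later, so the enterprise principal is then parsed against whatever default realm krb5.conf supplies, or none at all. In the multi-realm setup the new comment describes, that could resolve the principal in a realm other than `kr->realm`, so it looks safer to abort setup at this point through the same error path k5c_setup uses elsewhere; the function body starts and ends outside this hunk, so that path is not visible here. The log line should also carry the error code, e.g. `DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_set_default_realm failed [%d].\n", kerr));`. It is also worth confirming that `kr->realm` is always non-NULL when `use_enterprise_princ` is set, since the hunk does not show where it is validated.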