diff options
author | Sumit Bose <sbose@redhat.com> | 2013-06-17 12:33:05 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-06-17 20:01:31 +0200 |
commit | 1b224723e8db9699835ad58d6f589328f928e14e (patch) | |
tree | 00a51263a9752bad7d6212ba4fc801c71ee009d7 /src/providers/krb5 | |
parent | 95332f72acf87e04be6fb70c5dc00cabd14ac97c (diff) | |
download | sssd-1b224723e8db9699835ad58d6f589328f928e14e.tar.gz sssd-1b224723e8db9699835ad58d6f589328f928e14e.tar.bz2 sssd-1b224723e8db9699835ad58d6f589328f928e14e.zip |
Set default realm for enterprise principals
Enterprise principals require that a default realm is available. To
make SSSD more robust in the case that the default realm option is
missing in krb5.conf or to allow SSSD to work with multiple unconnected
realms (e.g. AD domains without trust between them) the default realm
will be set explicitly.
Fixes https://fedorahosted.org/sssd/ticket/1931
Diffstat (limited to 'src/providers/krb5')
-rw-r--r-- | src/providers/krb5/krb5_child.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index ac9a905f..e9fbfbea 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -1943,6 +1943,18 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline) } } + /* Enterprise principals require that a default realm is available. To + * make SSSD more robust in the case that the default realm option is + * missing in krb5.conf or to allow SSSD to work with multiple unconnected + * realms (e.g. AD domains without trust between them) the default realm + * will be set explicitly. */ + if (kr->use_enterprise_princ) { + kerr = krb5_set_default_realm(kr->ctx, kr->realm); + if (kerr != 0) { + DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_set_default_realm failed.\n")); + } + } + parse_flags = kr->use_enterprise_princ ? KRB5_PRINCIPAL_PARSE_ENTERPRISE : 0; kerr = sss_krb5_parse_name_flags(kr->ctx, kr->upn, parse_flags, &kr->princ); if (kerr != 0) { |