diff options
author | Jan Zeleny <jzeleny@redhat.com> | 2011-11-01 10:19:04 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-11-02 14:10:31 -0400 |
commit | ed80a7f8ff76089bdcfae7007dbdef42d05e2cc8 (patch) | |
tree | d2033a77c277be1c49cba8ff54e4d3d7070721d0 /src/providers/ldap/ldap_child.c | |
parent | 7dfc7617085c403d30debe9f08d4c9bcca322744 (diff) | |
download | sssd-ed80a7f8ff76089bdcfae7007dbdef42d05e2cc8.tar.gz sssd-ed80a7f8ff76089bdcfae7007dbdef42d05e2cc8.tar.bz2 sssd-ed80a7f8ff76089bdcfae7007dbdef42d05e2cc8.zip |
Support to request canonicalization in LDAP/IPA provider
https://fedorahosted.org/sssd/ticket/957
Diffstat (limited to 'src/providers/ldap/ldap_child.c')
-rw-r--r-- | src/providers/ldap/ldap_child.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c index b0051fa9..02c7e557 100644 --- a/src/providers/ldap/ldap_child.c +++ b/src/providers/ldap/ldap_child.c @@ -139,6 +139,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, char *realm_name = NULL; char *full_princ = NULL; char *default_realm = NULL; + char *tmp_str = NULL; krb5_context context = NULL; krb5_keytab keytab = NULL; krb5_ccache ccache = NULL; @@ -147,6 +148,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, krb5_get_init_creds_opt options; krb5_error_code krberr; krb5_timestamp kdc_time_offset; + int canonicalize = 0; int kdc_time_offset_usec; int ret; @@ -253,6 +255,12 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, krb5_get_init_creds_opt_set_proxiable(&options, 0); krb5_get_init_creds_opt_set_tkt_life(&options, lifetime); + tmp_str = getenv("KRB5_CANONICALIZE"); + if (tmp_str != NULL && strcasecmp(tmp_str, "true") == 0) { + canonicalize = 1; + } + sss_krb5_get_init_creds_opt_set_canonicalize(&options, canonicalize); + krberr = krb5_get_init_creds_keytab(context, &my_creds, kprinc, keytab, 0, NULL, &options); |