author | Jakub Hrozek <jhrozek@redhat.com> | 2010-07-20 18:35:50 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-08-03 13:50:28 -0400 |
commit | 2f4e8fbdf1d4ba1e00fcab93af91fe4f4f40250d (patch) | |
tree | 555aa8943fe4bf30d52d2dd64bde1fe5692b0b09 /src/providers/ldap/sdap_child_helpers.c | |
parent | 13d90c2ae8413317947d392c89fffca10ec83587 (diff) | |
Validate keytab at startup
In addition to validating the keytab every time a TGT is requested, we
also validate the keytab on back end startup to give early warning that
the keytab is not usable.
Fixes: #556
Diffstat (limited to 'src/providers/ldap/sdap_child_helpers.c')
-rw-r--r-- | src/providers/ldap/sdap_child_helpers.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_child_helpers.c b/src/providers/ldap/sdap_child_helpers.c
index 58b757ef..1b122485 100644
--- a/src/providers/ldap/sdap_child_helpers.c
+++ b/src/providers/ldap/sdap_child_helpers.c
@@ -29,6 +29,7 @@
 #include <fcntl.h>
 #include "util/util.h"
+#include "util/sss_krb5.h"
 #include "providers/ldap/ldap_common.h"
 #include "providers/ldap/sdap_async_private.h"
 #include "providers/child_common.h"
@@ -455,6 +456,21 @@ int setup_child(struct sdap_id_ctx *ctx)
 return EOK;
 }
+ if (mech && (strcasecmp(mech, "GSSAPI") == 0)) {
+ ret = sss_krb5_verify_keytab(dp_opt_get_string(ctx->opts->basic,
+ SDAP_SASL_AUTHID),
+ dp_opt_get_string(ctx->opts->basic,
+ SDAP_KRB5_REALM),
+ dp_opt_get_string(ctx->opts->basic,
+ SDAP_KRB5_KEYTAB));
+
+ if (ret != EOK) {
+ DEBUG(0, ("Could not verify keytab\n"))
+ return ret;
+ }
+
+ }
+
 if (debug_to_file != 0 && ldap_child_debug_fd == -1) {
 ret = open_debug_file_ex("ldap_child", &debug_filep);
 if (ret != EOK) { |
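Review bot: The `return ret;` in the new GSSAPI block of setup_child makes setup fail outright when the keytab does not verify, whereas the commit message describes the check as an early warning. Whether the caller treats that return as fatal for the back end is not visible in this hunk, so the intent should be stated above the block, e.g. `/* Fail setup early: GSSAPI binds cannot work without a usable keytab */`. The log line drops the error code an operator would need to tell a missing keytab from an unreadable or mismatched one, and the DEBUG statement has no terminating semicolon, so it compiles only if the macro expansion supplies one; `DEBUG(0, ("Could not verify keytab [%d]\n", ret));` addresses both. It is also worth confirming that sss_krb5_verify_keytab accepts NULL for any of the three `dp_opt_get_string` results, since unset options are passed straight through. setup_child begins and continues outside the hunk.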