diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2013-06-07 11:28:35 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-06-10 21:03:01 +0200 |
| commit | 14452cd066b51e32ca0ebad6c45ae909a1debe57 (patch) | |
| tree | 5c89a40d71008b0b2853b831d937a995e4a424ef /src/providers/ldap | |
| parent | 7b5e7e539ae9312ab55d75aa94feaad549b2a708 (diff) | |
| download | sssd-14452cd066b51e32ca0ebad6c45ae909a1debe57.tar.gz sssd-14452cd066b51e32ca0ebad6c45ae909a1debe57.tar.bz2 sssd-14452cd066b51e32ca0ebad6c45ae909a1debe57.zip | |
A new option krb5_use_kdcinfo
https://fedorahosted.org/sssd/ticket/1883
The patch introduces a new Kerberos provider option called
krb5_use_kdcinfo. The option is true by default in all providers. When
set to false, the SSSD will not create krb5 info files that the locator
plugin consumes and the user would have to set up the Kerberos options
manually in krb5.conf
Diffstat (limited to 'src/providers/ldap')
| -rw-r--r-- | src/providers/ldap/ldap_common.c | 8 | ||||
| -rw-r--r-- | src/providers/ldap/ldap_opts.h | 1 | ||||
| -rw-r--r-- | src/providers/ldap/sdap.h | 1 |
3 files changed, 8 insertions, 2 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index fd6f05de..96edd336 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -1269,8 +1269,12 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx, } } - ret = krb5_service_init(mem_ctx, bectx, SSS_KRB5KDC_FO_SRV, krb5_servers, - krb5_backup_servers, krb5_realm, &service); + ret = krb5_service_init(mem_ctx, bectx, + SSS_KRB5KDC_FO_SRV, krb5_servers, + krb5_backup_servers, krb5_realm, + dp_opt_get_bool(opts, + SDAP_KRB5_USE_KDCINFO), + &service); if (ret != EOK) { DEBUG(0, ("Failed to init KRB5 failover service!\n")); goto done; diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h index 807716c1..6857d4ca 100644 --- a/src/providers/ldap/ldap_opts.h +++ b/src/providers/ldap/ldap_opts.h @@ -79,6 +79,7 @@ struct dp_option default_basic_opts[] = { { "krb5_backup_server", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_canonicalize", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, + { "krb5_use_kdcinfo", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, { "ldap_pwd_policy", DP_OPT_STRING, { "none" }, NULL_STRING }, { "ldap_referrals", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, { "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER }, diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index f77636b3..6f10efa4 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h @@ -186,6 +186,7 @@ enum sdap_basic_opt { SDAP_KRB5_BACKUP_KDC, SDAP_KRB5_REALM, SDAP_KRB5_CANONICALIZE, + SDAP_KRB5_USE_KDCINFO, SDAP_PWD_POLICY, SDAP_REFERRALS, SDAP_ACCOUNT_CACHE_EXPIRATION, |