summaryrefslogtreecommitdiff
path: root/src/providers/ldap
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2013-06-07 11:28:35 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-06-10 21:03:01 +0200
commit14452cd066b51e32ca0ebad6c45ae909a1debe57 (patch)
tree5c89a40d71008b0b2853b831d937a995e4a424ef /src/providers/ldap
parent7b5e7e539ae9312ab55d75aa94feaad549b2a708 (diff)
downloadsssd-14452cd066b51e32ca0ebad6c45ae909a1debe57.tar.gz
sssd-14452cd066b51e32ca0ebad6c45ae909a1debe57.tar.bz2
sssd-14452cd066b51e32ca0ebad6c45ae909a1debe57.zip
A new option krb5_use_kdcinfo
https://fedorahosted.org/sssd/ticket/1883 The patch introduces a new Kerberos provider option called krb5_use_kdcinfo. The option is true by default in all providers. When set to false, the SSSD will not create krb5 info files that the locator plugin consumes and the user would have to set up the Kerberos options manually in krb5.conf
Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/ldap_common.c8
-rw-r--r--src/providers/ldap/ldap_opts.h1
-rw-r--r--src/providers/ldap/sdap.h1
3 files changed, 8 insertions, 2 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index fd6f05de..96edd336 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -1269,8 +1269,12 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx,
}
}
- ret = krb5_service_init(mem_ctx, bectx, SSS_KRB5KDC_FO_SRV, krb5_servers,
- krb5_backup_servers, krb5_realm, &service);
+ ret = krb5_service_init(mem_ctx, bectx,
+ SSS_KRB5KDC_FO_SRV, krb5_servers,
+ krb5_backup_servers, krb5_realm,
+ dp_opt_get_bool(opts,
+ SDAP_KRB5_USE_KDCINFO),
+ &service);
if (ret != EOK) {
DEBUG(0, ("Failed to init KRB5 failover service!\n"));
goto done;
diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h
index 807716c1..6857d4ca 100644
--- a/src/providers/ldap/ldap_opts.h
+++ b/src/providers/ldap/ldap_opts.h
@@ -79,6 +79,7 @@ struct dp_option default_basic_opts[] = {
{ "krb5_backup_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "krb5_canonicalize", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
+ { "krb5_use_kdcinfo", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
{ "ldap_pwd_policy", DP_OPT_STRING, { "none" }, NULL_STRING },
{ "ldap_referrals", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
{ "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER },
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index f77636b3..6f10efa4 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -186,6 +186,7 @@ enum sdap_basic_opt {
SDAP_KRB5_BACKUP_KDC,
SDAP_KRB5_REALM,
SDAP_KRB5_CANONICALIZE,
+ SDAP_KRB5_USE_KDCINFO,
SDAP_PWD_POLICY,
SDAP_REFERRALS,
SDAP_ACCOUNT_CACHE_EXPIRATION,