summaryrefslogtreecommitdiff
path: root/src/providers
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2013-09-25 17:21:36 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-09-27 10:33:25 +0200
commitbbd43fbcd8f70eedeac4e4ce01c36256cde82ab1 (patch)
tree611f89e5c2fc5e4f991ff5f22ac9b609720197df /src/providers
parentc5711b0279ea85d69fe3c77dfb194360c346e1d7 (diff)
downloadsssd-bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1.tar.gz
sssd-bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1.tar.bz2
sssd-bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1.zip
ipa_server_mode: write capaths to krb5 include file
If there are member domains in a trusted forest which are DNS-wise not proper children of the forest root the IPA KDC needs some help to determine the right authentication path. In general this should be done internally by the IPA KDC but this works requires more effort than letting sssd write the needed data to the include file for krb5.conf. If this functionality is available for the IPA KDC this patch might be removed from the sssd tree. Fixes https://fedorahosted.org/sssd/ticket/2093
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ad/ad_subdomains.c2
-rw-r--r--src/providers/ipa/ipa_subdomains.c4
2 files changed, 4 insertions, 2 deletions
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index e8345ae5..f6d2eb81 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -482,7 +482,7 @@ static void ad_subdomains_get_slave_domain_done(struct tevent_req *req)
goto done;
}
- ret = sss_write_domain_mappings(ctx->sd_ctx->be_ctx->domain);
+ ret = sss_write_domain_mappings(ctx->sd_ctx->be_ctx->domain, false);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
("sss_krb5_write_mappings failed.\n"));
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 03b780d6..ab0fdf65 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -932,7 +932,9 @@ static void ipa_subdomains_handler_done(struct tevent_req *req)
goto done;
}
- ret = sss_write_domain_mappings(domain);
+ ret = sss_write_domain_mappings(domain,
+ dp_opt_get_bool(ctx->sd_ctx->id_ctx->ipa_options->basic,
+ IPA_SERVER_MODE));
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
("sss_krb5_write_mappings failed.\n"));