-rw-r--r--src/man/sssd-ldap.5.xml8
-rw-r--r--src/providers/ipa/ipa_common.c4
-rw-r--r--src/providers/krb5/krb5_common.c14
-rw-r--r--src/providers/krb5/krb5_common.h3
-rw-r--r--src/providers/ldap/ldap_common.c14
-rw-r--r--src/providers/ldap/sdap.h2
6 files changed, 31 insertions, 14 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 786d5fda..3406dc46 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -909,7 +909,7 @@
</varlistentry>
<varlistentry>
- <term>krb5_kdcip (string)</term>
+ <term>krb5_server (string)</term>
<listitem>
<para>
Specifies the list of IP addresses or hostnames
@@ -928,6 +928,12 @@
SSSD first searches for DNS entries that specify _udp as
the protocol and falls back to _tcp if none are found.
</para>
+ <para>
+ This option was named <quote>krb5_kdcip</quote> in
+ earlier releases of SSSD. While the legacy name is recognized
+ for the time being, users are advised to migrate their config
+ files to use <quote>krb5_server</quote> instead.
+ </para>
</listitem>
</varlistentry>
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 346fcb38..2e7724a6 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -67,7 +67,7 @@ struct dp_option ipa_def_ldap_opts[] = {
{ "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
/* use the same parm name as the krb5 module so we set it only once */
- { "krb5_kdcip", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_pwd_policy", DP_OPT_STRING, { "none" } , NULL_STRING },
{ "ldap_referrals", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
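Review bot: Renaming the table key from `krb5_kdcip` to `krb5_server` in ipa_def_ldap_opts changes which config name this table reads, and the only legacy fallback visible in this file is the krb5_try_kdcip call on `ipa_opts->auth` in ipa_get_auth_options. If the IPA identity path fills this LDAP table from the config file, a config that still uses `krb5_kdcip` would presumably leave this entry unset there. It is worth confirming that this path either calls krb5_try_kdcip with `SDAP_KRB5_KDC`, as ldap_get_options now does, or never reads the value. The comment above the entry could also record the mapping, e.g. `/* legacy name krb5_kdcip is mapped by krb5_try_kdcip() */`.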
@@ -460,7 +460,7 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts,
/* If there is no KDC, try the deprecated krb5_kdcip option, too */
/* FIXME - this can be removed in a future version */
- ret = krb5_try_kdcip(ipa_opts, cdb, conf_path, ipa_opts->auth);
+ ret = krb5_try_kdcip(ipa_opts, cdb, conf_path, ipa_opts->auth, KRB5_KDC);
if (ret != EOK) {
DEBUG(1, ("sss_krb5_try_kdcip failed.\n"));
goto done;
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index 25188c5f..9d114e34 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -184,12 +184,13 @@ errno_t check_and_export_options(struct dp_option *opts,
}
errno_t krb5_try_kdcip(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
- const char *conf_path, struct dp_option *opts)
+ const char *conf_path, struct dp_option *opts,
+ int opt_id)
{
char *krb5_servers = NULL;
errno_t ret;
- krb5_servers = dp_opt_get_string(opts, KRB5_KDC);
+ krb5_servers = dp_opt_get_string(opts, opt_id);
if (krb5_servers == NULL) {
DEBUG(4, ("No KDC found in configuration, trying legacy option\n"));
ret = confdb_get_string(cdb, memctx, conf_path,
@@ -201,17 +202,18 @@ errno_t krb5_try_kdcip(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
if (krb5_servers != NULL)
{
- ret = dp_opt_set_string(opts, KRB5_KDC, krb5_servers);
+ ret = dp_opt_set_string(opts, opt_id, krb5_servers);
if (ret != EOK) {
DEBUG(1, ("dp_opt_set_string failed.\n"));
talloc_free(krb5_servers);
return ret;
}
- DEBUG(9, ("Set krb5 server [%s] based on legacy krb5_kdcip option\n"));
+ DEBUG(9, ("Set krb5 server [%s] based on legacy krb5_kdcip option\n",
+ krb5_servers));
DEBUG(0, ("Your configuration uses the deprecated option 'krb5_kdcip' "
"to specify the KDC. Please change the configuration to use "
- "the 'krb5_server' option instead."));
+ "the 'krb5_server' option instead.\n"));
}
}
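Review bot: The level-0 deprecation warning does not say which configuration section still uses `krb5_kdcip`, although `conf_path` is available in krb5_try_kdcip. With several domains configured, an administrator cannot tell from the log which one to fix. Adding `[%s]` to that message with `conf_path` as its argument would close the gap, in the same way the level-9 line now passes `krb5_servers`. The end of the function is outside this hunk, so it is not visible here whether the string returned by confdb_get_string is released on the success path after dp_opt_set_string has taken the value.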
@@ -239,7 +241,7 @@ errno_t krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
/* If there is no KDC, try the deprecated krb5_kdcip option, too */
/* FIXME - this can be removed in a future version */
- ret = krb5_try_kdcip(memctx, cdb, conf_path, opts);
+ ret = krb5_try_kdcip(memctx, cdb, conf_path, opts, KRB5_KDC);
if (ret != EOK) {
DEBUG(1, ("sss_krb5_try_kdcip failed.\n"));
goto done;
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index 9ca01467..a6fdd8b8 100644
--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
@@ -131,7 +131,8 @@ errno_t check_and_export_options(struct dp_option *opts,
struct krb5_ctx *krb5_ctx);
errno_t krb5_try_kdcip(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
- const char *conf_path, struct dp_option *opts);
+ const char *conf_path, struct dp_option *opts,
+ int opt_id);
errno_t krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
const char *conf_path, struct dp_option **_opts);
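Review bot: The new `opt_id` parameter of krb5_try_kdcip is undocumented, and it is a plain `int` that appears to select an entry in whichever `struct dp_option` array the caller passes. Nothing in the signature stops a caller from pairing `KRB5_KDC` with the LDAP table or `SDAP_KRB5_KDC` with a krb5 table, which would read and overwrite an unrelated option. A comment on the prototype would make the contract explicit: `/* opt_id must identify the KDC entry of opts: KRB5_KDC for krb5 option arrays, SDAP_KRB5_KDC for sdap basic options */`. The three callers shown in this commit pair them correctly.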
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 4d9fabc4..302cfc6b 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -62,7 +62,7 @@ struct dp_option default_basic_opts[] = {
{ "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
/* use the same parm name as the krb5 module so we set it only once */
- { "krb5_kdcip", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_pwd_policy", DP_OPT_STRING, { "none" }, NULL_STRING },
{ "ldap_referrals", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
@@ -381,6 +381,14 @@ int ldap_get_options(TALLOC_CTX *memctx,
goto done;
}
+ /* If there is no KDC, try the deprecated krb5_kdcip option, too */
+ /* FIXME - this can be removed in a future version */
+ ret = krb5_try_kdcip(memctx, cdb, conf_path, opts->basic, SDAP_KRB5_KDC);
+ if (ret != EOK) {
+ DEBUG(1, ("sss_krb5_try_kdcip failed.\n"));
+ goto done;
+ }
+
ret = EOK;
*_opts = opts;
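Review bot: The failure message added in ldap_get_options names `sss_krb5_try_kdcip`, but the function called is `krb5_try_kdcip`, and the message drops `ret`, so the log does not show why reading the legacy option failed. Suggest `DEBUG(1, ("krb5_try_kdcip failed [%d].\n", ret));`. The same text appears on the context lines of the ipa_get_auth_options and krb5_get_options hunks. ldap_get_options starts and ends outside this hunk.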
@@ -601,9 +609,9 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx,
const char *krb5_realm;
struct krb5_service *service = NULL;
- krb5_servers = dp_opt_get_string(opts, SDAP_KRB5_KDCIP);
+ krb5_servers = dp_opt_get_string(opts, SDAP_KRB5_KDC);
if (krb5_servers == NULL) {
- DEBUG(1, ("Missing krb5_kdcip option, using service discovery!\n"));
+ DEBUG(1, ("Missing krb5_server option, using service discovery!\n"));
}
krb5_realm = dp_opt_get_string(opts, SDAP_KRB5_REALM);
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 83bfd21b..8c629a3b 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -176,7 +176,7 @@ enum sdap_basic_opt {
SDAP_SASL_AUTHID,
SDAP_KRB5_KEYTAB,
SDAP_KRB5_KINIT,
- SDAP_KRB5_KDCIP,
+ SDAP_KRB5_KDC,
SDAP_KRB5_REALM,
SDAP_PWD_POLICY,
SDAP_REFERRALS,