summaryrefslogtreecommitdiff
path: root/src/providers/krb5/krb5_init.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/krb5/krb5_init.c')
-rw-r--r--src/providers/krb5/krb5_init.c17
1 files changed, 13 insertions, 4 deletions
diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c
index 60c18a8f..a7b06fdf 100644
--- a/src/providers/krb5/krb5_init.c
+++ b/src/providers/krb5/krb5_init.c
@@ -61,7 +61,9 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
struct krb5_ctx *ctx = NULL;
int ret;
const char *krb5_servers;
+ const char *krb5_backup_servers;
const char *krb5_kpasswd_servers;
+ const char *krb5_backup_kpasswd_servers;
const char *krb5_realm;
const char *errstr;
int errval;
@@ -98,9 +100,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
ctx->opts = krb5_options->opts;
krb5_servers = dp_opt_get_string(ctx->opts, KRB5_KDC);
- if (krb5_servers == NULL) {
- DEBUG(SSSDBG_CONF_SETTINGS, ("Missing krb5_server option, using service discovery!\n"));
- }
+ krb5_backup_servers = dp_opt_get_string(ctx->opts, KRB5_BACKUP_KDC);
krb5_realm = dp_opt_get_string(ctx->opts, KRB5_REALM);
if (krb5_realm == NULL) {
@@ -109,13 +109,22 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
}
ret = krb5_service_init(ctx, bectx, SSS_KRB5KDC_FO_SRV, krb5_servers,
- NULL, krb5_realm, &ctx->service);
+ krb5_backup_servers, krb5_realm, &ctx->service);
if (ret != EOK) {
DEBUG(0, ("Failed to init KRB5 failover service!\n"));
return ret;
}
krb5_kpasswd_servers = dp_opt_get_string(ctx->opts, KRB5_KPASSWD);
+ krb5_backup_kpasswd_servers = dp_opt_get_string(ctx->opts,
+ KRB5_BACKUP_KPASSWD);
+ if (krb5_kpasswd_servers == NULL && krb5_backup_kpasswd_servers != NULL) {
+ DEBUG(SSSDBG_CONF_SETTINGS, ("kpasswd server wasn't specified but "
+ "backup kpasswd given. Using it as primary\n"));
+ krb5_kpasswd_servers = krb5_backup_kpasswd_servers;
+ krb5_backup_kpasswd_servers = NULL;
+ }
+
if (krb5_kpasswd_servers == NULL && krb5_servers != NULL) {
DEBUG(0, ("Missing krb5_kpasswd option and KDC set explicitly, "
"will use KDC for pasword change operations!\n"));