From 9c49fb9a7cb6aa87a7bce1865887d6e4f78ce5fd Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 11 Nov 2009 14:16:41 +0100
Subject: Validate Kerberos credentials with local keytab

---
 server/config/SSSDConfig.py                 | 2 ++
 server/config/SSSDConfigTest.py             | 6 ++++++
 server/config/etc/sssd.api.d/sssd-krb5.conf | 4 +++-
 3 files changed, 11 insertions(+), 1 deletion(-)

(limited to 'server/config')

diff --git a/server/config/SSSDConfig.py b/server/config/SSSDConfig.py
index 2de9e7a9..57d39c7b 100644
--- a/server/config/SSSDConfig.py
+++ b/server/config/SSSDConfig.py
@@ -91,6 +91,8 @@ option_strings = {
     # [provider/krb5/auth]
     'krb5_ccachedir' : _('Directory to store credential caches'),
     'krb5_ccname_template' : _("Location of the user's credential cache"),
+    'krb5_keytab' : _("Location of the keytab to validate credentials"),
+    'krb5_validate' : _("Enable credential validation"),
 
     # [provider/krb5/chpass]
     'krb5_changepw_principal' : _('The principal of the change password service'),
diff --git a/server/config/SSSDConfigTest.py b/server/config/SSSDConfigTest.py
index e5462334..aca1fbd4 100644
--- a/server/config/SSSDConfigTest.py
+++ b/server/config/SSSDConfigTest.py
@@ -424,6 +424,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
              'krb5_realm',
              'krb5_ccachedir',
              'krb5_ccname_template',
+             'krb5_keytab',
+             'krb5_validate',
              'krb5_auth_timeout'])
 
         options = domain.list_options()
@@ -495,6 +497,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
             'krb5_realm',
             'krb5_ccachedir',
             'krb5_ccname_template',
+            'krb5_keytab',
+            'krb5_validate',
             'krb5_auth_timeout']
 
         self.assertTrue(type(options) == dict,
@@ -631,6 +635,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
              'krb5_realm',
              'krb5_ccachedir',
              'krb5_ccname_template',
+             'krb5_keytab',
+             'krb5_validate',
              'krb5_auth_timeout'])
 
         options = domain.list_options()
diff --git a/server/config/etc/sssd.api.d/sssd-krb5.conf b/server/config/etc/sssd.api.d/sssd-krb5.conf
index 85067e93..860f8b89 100644
--- a/server/config/etc/sssd.api.d/sssd-krb5.conf
+++ b/server/config/etc/sssd.api.d/sssd-krb5.conf
@@ -6,8 +6,10 @@ krb5_auth_timeout = int, None
 [provider/krb5/auth]
 krb5_ccachedir = str, None
 krb5_ccname_template = str, None
+krb5_keytab = str, None
+krb5_validate = bool, None
 
 [provider/krb5/access]
 
 [provider/krb5/chpass]
-krb5_changepw_principal = str, None
\ No newline at end of file
+krb5_changepw_principal = str, None
-- 
cgit