From 02e38eae1b9cb5df2036a707dafd86f6047c17de Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Mon, 19 Apr 2010 11:59:09 +0200 Subject: Add support for delayed kinit if offline If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used. --- src/providers/ipa/ipa_init.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'src/providers/ipa/ipa_init.c') diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index 2f0ccf0f..0e72b1fa 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c @@ -272,6 +272,15 @@ int sssm_ipa_auth_init(struct be_ctx *bectx, goto done; } + if (dp_opt_get_bool(krb5_auth_ctx->opts, KRB5_STORE_PASSWORD_IF_OFFLINE)) { + ret = init_delayed_online_authentication(krb5_auth_ctx, bectx, + bectx->ev); + if (ret != EOK) { + DEBUG(1, ("init_delayed_online_authentication failed.\n")); + goto done; + } + } + ret = check_and_export_options(krb5_auth_ctx->opts, bectx->domain); if (ret != EOK) { DEBUG(1, ("check_and_export_opts failed.\n")); -- cgit