From bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 25 Sep 2013 17:21:36 +0200 Subject: ipa_server_mode: write capaths to krb5 include file If there are member domains in a trusted forest which are DNS-wise not proper children of the forest root the IPA KDC needs some help to determine the right authentication path. In general this should be done internally by the IPA KDC but this works requires more effort than letting sssd write the needed data to the include file for krb5.conf. If this functionality is available for the IPA KDC this patch might be removed from the sssd tree. Fixes https://fedorahosted.org/sssd/ticket/2093 --- src/providers/ipa/ipa_subdomains.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/providers/ipa/ipa_subdomains.c') diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index 03b780d6..ab0fdf65 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -932,7 +932,9 @@ static void ipa_subdomains_handler_done(struct tevent_req *req) goto done; } - ret = sss_write_domain_mappings(domain); + ret = sss_write_domain_mappings(domain, + dp_opt_get_bool(ctx->sd_ctx->id_ctx->ipa_options->basic, + IPA_SERVER_MODE)); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("sss_krb5_write_mappings failed.\n")); -- cgit