From 7dfc7617085c403d30debe9f08d4c9bcca322744 Mon Sep 17 00:00:00 2001
From: Jan Zeleny <jzeleny@redhat.com>
Date: Wed, 19 Oct 2011 03:27:47 -0400
Subject: Add support to request canonicalization on krb AS requests

https://fedorahosted.org/sssd/ticket/957
---
 src/providers/ipa/ipa_common.c | 3 ++-
 src/providers/ipa/ipa_common.h | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

(limited to 'src/providers/ipa')

diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 12c0bb67..b68c72b4 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -175,7 +175,8 @@ struct dp_option ipa_def_krb5_opts[] = {
     { "krb5_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "krb5_renew_interval", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER },
     { "krb5_use_fast", DP_OPT_STRING, NULL_STRING, NULL_STRING },
-    { "krb5_fast_principal", DP_OPT_STRING, NULL_STRING, NULL_STRING }
+    { "krb5_fast_principal", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+    { "krb5_canonicalize", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }
 };
 
 int ipa_get_options(TALLOC_CTX *memctx,
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 57591150..20074b45 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -40,7 +40,7 @@ struct ipa_service {
 /* the following define is used to keep track of the options in the krb5
  * module, so that if they change and ipa is not updated correspondingly
  * this will trigger a runtime abort error */
-#define IPA_KRB5_OPTS_TEST 14
+#define IPA_KRB5_OPTS_TEST 15
 
 enum ipa_basic_opt {
     IPA_DOMAIN = 0,
-- 
cgit