From ed80a7f8ff76089bdcfae7007dbdef42d05e2cc8 Mon Sep 17 00:00:00 2001
From: Jan Zeleny
Date: Tue, 1 Nov 2011 10:19:04 -0400
Subject: Support to request canonicalization in LDAP/IPA provider https://fedorahosted.org/sssd/ticket/957
---
 src/providers/ldap/ldap_child.c | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'src/providers/ldap/ldap_child.c')
diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c
index b0051fa9..02c7e557 100644
--- a/src/providers/ldap/ldap_child.c
+++ b/src/providers/ldap/ldap_child.c
@@ -139,6 +139,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
 char *realm_name = NULL;
 char *full_princ = NULL;
 char *default_realm = NULL;
+ char *tmp_str = NULL;
 krb5_context context = NULL;
 krb5_keytab keytab = NULL;
 krb5_ccache ccache = NULL;
@@ -147,6 +148,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
 krb5_get_init_creds_opt options;
 krb5_error_code krberr;
 krb5_timestamp kdc_time_offset;
+ int canonicalize = 0;
 int kdc_time_offset_usec;
 int ret;
@@ -253,6 +255,12 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
 krb5_get_init_creds_opt_set_proxiable(&options, 0);
 krb5_get_init_creds_opt_set_tkt_life(&options, lifetime);
+ tmp_str = getenv("KRB5_CANONICALIZE");
+ if (tmp_str != NULL && strcasecmp(tmp_str, "true") == 0) {
+ canonicalize = 1;
+ }
+ sss_krb5_get_init_creds_opt_set_canonicalize(&options, canonicalize);
 krberr = krb5_get_init_creds_keytab(context, &my_creds, kprinc, keytab, 0, NULL, &options);
-- cgit
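Review bot: Enabling canonicalization just before `krb5_get_init_creds_keytab()` in the third hunk means the KDC may return credentials whose client principal differs from the requested `kprinc`, and nothing in the hunk accounts for that. The code that consumes `my_creds` lies outside the hunk, so confirm that it names the ticket owner from `my_creds.client` rather than `kprinc` when it initializes and stores the credential cache. I would add a comment above the new block, `/* KRB5_CANONICALIZE=true lets the KDC rewrite the client principal; later code must use my_creds.client, not kprinc */`. Any value other than a case-insensitive "true" (for example "1" or "yes") silently leaves canonicalization off, so the same comment or a debug message should say so to make a mis-set environment visible.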