diff options
-rw-r--r-- | freeipa.spec.in | 2 | ||||
-rw-r--r-- | install/share/krb5.conf.template | 2 | ||||
-rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 7 |
3 files changed, 9 insertions, 2 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in index 8a095db41..879ae9951 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -63,7 +63,7 @@ BuildRequires: pylint BuildRequires: python-polib BuildRequires: libipa_hbac-python BuildRequires: python-memcached -BuildRequires: sssd >= 1.8.0 +BuildRequires: sssd >= 1.9.2 BuildRequires: python-lxml BuildRequires: python-pyasn1 >= 0.0.9a BuildRequires: python-dns diff --git a/install/share/krb5.conf.template b/install/share/krb5.conf.template index f8b1a6f09..ed30b9e0f 100644 --- a/install/share/krb5.conf.template +++ b/install/share/krb5.conf.template @@ -1,3 +1,5 @@ +includedir /var/lib/sss/pubconf/krb5.include.d + [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index cdcc6ad29..9e45589b8 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -723,7 +723,7 @@ def configure_krb5_conf(cli_realm, cli_domain, cli_server, cli_kdc, dnsok, options, filename, client_domain): krbconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer") - krbconf.setOptionAssignment(" = ") + krbconf.setOptionAssignment((" = ", " ")) krbconf.setSectionNameDelimiters(("[","]")) krbconf.setSubSectionDelimiters(("{","}")) krbconf.setIndent((""," "," ")) @@ -731,6 +731,11 @@ def configure_krb5_conf(cli_realm, cli_domain, cli_server, cli_kdc, dnsok, opts = [{'name':'comment', 'type':'comment', 'value':'File modified by ipa-client-install'}, {'name':'empty', 'type':'empty'}] + # SSSD include dir + if options.sssd: + opts.append({'name':'includedir', 'type':'option', 'value':'/var/lib/sss/pubconf/krb5.include.d/', 'delim':' '}) + opts.append({'name':'empty', 'type':'empty'}) + #[libdefaults] libopts = [{'name':'default_realm', 'type':'option', 'value':cli_realm}] if not dnsok or not cli_kdc or options.force: |