From 2f4e8fbdf1d4ba1e00fcab93af91fe4f4f40250d Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 20 Jul 2010 18:35:50 +0200
Subject: Validate keytab at startup

In addition to validating the keytab everytime a TGT is requested, we
also validate the keytab on back end startup to give early warning that
the keytab is not usable.

Fixes: #556
---
 src/util/sss_krb5.h | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'src/util/sss_krb5.h')

diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h
index 60994e1..bc7a4f8 100644
--- a/src/util/sss_krb5.h
+++ b/src/util/sss_krb5.h
@@ -24,6 +24,7 @@
 #include "config.h"
 
 #include <stdbool.h>
+#include <talloc.h>
 
 #ifdef HAVE_KRB5_KRB5_H
 #include <krb5/krb5.h>
@@ -47,4 +48,12 @@ void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name)
 
 krb5_error_code check_for_valid_tgt(const char *ccname, const char *realm,
                                     const char *client_princ_str, bool *result);
+
+int sss_krb5_verify_keytab(const char *principal,
+                           const char *realm_str,
+                           const char *keytab_name);
+
+int sss_krb5_verify_keytab_ex(const char *principal, const char *keytab_name,
+                              krb5_context context, krb5_keytab keytab);
+
 #endif /* __SSS_KRB5_H__ */
-- 
cgit