author | Stephen Gallagher <sgallagh@redhat.com> | 2012-07-05 20:00:37 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-07-06 11:44:46 -0400 |
commit | 4e2d9fe30bf8b692972a9654c60d2d90ed355815 (patch) | |
tree | 16282fce5ead3a6e432e0b4a5424afabf7fd25c9 | |
parent | 9496a68ca035e9ef7a8077d17bdda0f497a11ecb (diff) | |
AD: use krb5_keytab for validation and GSSAPI
This simplifies configuration by eliminating the need to
specify both krb5_keytab and ldap_krb5_keytab if the keytab is
not located at /etc/krb5.keytab
-rw-r--r-- | src/providers/ad/ad_common.c | 13 | ||||
-rw-r--r-- | src/providers/ad/ad_common.h | 1 | ||||
-rw-r--r-- | src/providers/ad/ad_opts.h | 1 |
3 files changed, 12 insertions, 3 deletions
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c index d8f8aff6f..185345528 100644 --- a/src/providers/ad/ad_common.c +++ b/src/providers/ad/ad_common.c @@ -426,8 +426,16 @@ ad_get_id_options(struct ad_options *ad_opts, desired_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM); } - keytab_path = dp_opt_get_string(id_opts->basic, SDAP_KRB5_KEYTAB); - /* It's okay if this is NULL here */ + keytab_path = dp_opt_get_string(ad_opts->basic, AD_KEYTAB); + if (keytab_path) { + ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_KEYTAB, + keytab_path); + if (ret != EOK) goto done; + DEBUG(SSSDBG_CONF_SETTINGS, + ("Option %s set to %s\n", + id_opts->basic[SDAP_KRB5_KEYTAB].opt_name, + keytab_path)); + } ret = select_principal_from_keytab(tmp_ctx, desired_primary, desired_realm, @@ -653,7 +661,6 @@ ad_get_auth_options(TALLOC_CTX *mem_ctx, krb5_options[KRB5_REALM].opt_name, krb5_realm)); - *_opts = talloc_steal(mem_ctx, krb5_options); ret = EOK; diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h index d34f498a0..d28bfc8a9 100644 --- a/src/providers/ad/ad_common.h +++ b/src/providers/ad/ad_common.h @@ -34,6 +34,7 @@ enum ad_basic_opt { AD_DOMAIN = 0, AD_SERVER, AD_HOSTNAME, + AD_KEYTAB, AD_KRB5_REALM, AD_OPTS_BASIC /* opts counter */ diff --git a/src/providers/ad/ad_opts.h b/src/providers/ad/ad_opts.h index b3df14c92..2648044c0 100644 --- a/src/providers/ad/ad_opts.h +++ b/src/providers/ad/ad_opts.h @@ -31,6 +31,7 @@ struct dp_option ad_basic_opts[] = { { "ad_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ad_server", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ad_hostname", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING}, DP_OPTION_TERMINATOR }; |
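Review bot: In the ad_get_id_options hunk, keytab_path is now read only from `AD_KEYTAB`, so when krb5_keytab is unset a value already stored in `id_opts->basic[SDAP_KRB5_KEYTAB]` is no longer passed to select_principal_from_keytab(); the principal would then presumably be picked from the default keytab while the LDAP side keeps its own path. If ldap_krb5_keytab can still be configured for this provider (not visible here), keep the old lookup as a fallback: `} else { keytab_path = dp_opt_get_string(id_opts->basic, SDAP_KRB5_KEYTAB); }`. In the opposite case, where both options are set, krb5_keytab overwrites the LDAP value without saying so, which the debug message or the option documentation should state. The removed comment still applies because NULL can reach select_principal_from_keytab(), so I would keep `/* It's okay if this is NULL here */`. The function body starts and ends outside the hunk.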
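Review bot: `AD_KEYTAB` is inserted in the middle of enum ad_basic_opt in ad_common.h, which is correct only because the `krb5_keytab` row is added at the matching position in ad_basic_opts[] in ad_opts.h; nothing visible enforces that pairing. ad_common.c indexes option arrays by enum value (`id_opts->basic[SDAP_KRB5_KEYTAB].opt_name`), so a later mismatch would silently read a different option, here in place of the keytab path used for validation. I would add `/* Keep in the same order as ad_basic_opts[] in ad_opts.h */` above the enum. The enum definition starts outside the hunk.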