summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2012-07-18 14:20:46 -0400
committerStephen Gallagher <sgallagh@redhat.com>2012-07-18 15:10:38 -0400
commite82832a64fd456d1541ce0ea3902bcfb05e69642 (patch)
treea5bb69ab466310bcd28d9d6d34456eb737fa27cd
parent8bbf89c5ab798c112773fe23515c3a9df56dde71 (diff)
downloadsssd-e82832a64fd456d1541ce0ea3902bcfb05e69642.tar.gz
sssd-e82832a64fd456d1541ce0ea3902bcfb05e69642.tar.xz
sssd-e82832a64fd456d1541ce0ea3902bcfb05e69642.zip
AD: Fix defaults for krb5_canonicalize
The AD provider cannot function with canonicalization because of a bug in Active Directory rendering it unable to complete a password-change while canonicalization is enabled.
-rw-r--r--src/providers/ad/ad_opts.h4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/providers/ad/ad_opts.h b/src/providers/ad/ad_opts.h
index 9f950a803..0d957bcd4 100644
--- a/src/providers/ad/ad_opts.h
+++ b/src/providers/ad/ad_opts.h
@@ -83,7 +83,7 @@ struct dp_option ad_def_ldap_opts[] = {
/* use the same parm name as the krb5 module so we set it only once */
{ "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "krb5_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_TRUE },
+ { "krb5_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "ldap_pwd_policy", DP_OPT_STRING, { "none" }, NULL_STRING },
{ "ldap_referrals", DP_OPT_BOOL, BOOL_FALSE, BOOL_TRUE },
{ "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER },
@@ -134,7 +134,7 @@ struct dp_option ad_def_krb5_opts[] = {
{ "krb5_renew_interval", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER },
{ "krb5_use_fast", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "krb5_fast_principal", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "krb5_canonicalize", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
+ { "krb5_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
DP_OPTION_TERMINATOR
};