authorStephen Gallagher <sgallagh@redhat.com>2012-07-05 20:00:37 -0400
committerStephen Gallagher <sgallagh@redhat.com>2012-07-06 11:44:46 -0400
commit4e2d9fe30bf8b692972a9654c60d2d90ed355815 (patch)
tree16282fce5ead3a6e432e0b4a5424afabf7fd25c9
parent9496a68ca035e9ef7a8077d17bdda0f497a11ecb (diff)
AD: use krb5_keytab for validation and GSSAPI
This simplifies configuration by eliminating the need to specify both krb5_keytab and ldap_krb5_keytab if the keytab is not located at /etc/krb5.keytab
-rw-r--r--src/providers/ad/ad_common.c13
-rw-r--r--src/providers/ad/ad_common.h1
-rw-r--r--src/providers/ad/ad_opts.h1
3 files changed, 12 insertions, 3 deletions
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index d8f8aff6f..185345528 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -426,8 +426,16 @@ ad_get_id_options(struct ad_options *ad_opts,
desired_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
}
- keytab_path = dp_opt_get_string(id_opts->basic, SDAP_KRB5_KEYTAB);
- /* It's okay if this is NULL here */
+ keytab_path = dp_opt_get_string(ad_opts->basic, AD_KEYTAB);
+ if (keytab_path) {
+ ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_KEYTAB,
+ keytab_path);
+ if (ret != EOK) goto done;
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ ("Option %s set to %s\n",
+ id_opts->basic[SDAP_KRB5_KEYTAB].opt_name,
+ keytab_path));
+ }
ret = select_principal_from_keytab(tmp_ctx,
desired_primary, desired_realm,
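Review bot: When `krb5_keytab` is unset, `keytab_path` is now NULL even if `ldap_krb5_keytab` was configured, so `select_principal_from_keytab()` may choose the principal from a different keytab than the one `id_opts` still carries for GSSAPI. Whether a user-set `ldap_krb5_keytab` can reach `id_opts->basic` at this point is not visible in the hunk; if it can, add a fallback after the new `if` block: `if (keytab_path == NULL) keytab_path = dp_opt_get_string(id_opts->basic, SDAP_KRB5_KEYTAB);`. The NULL case still reaches the call, so the removed comment should be kept before it, e.g. `/* It's okay if keytab_path is NULL here */`. The body of `ad_get_id_options` starts and ends outside the hunk.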
@@ -653,7 +661,6 @@ ad_get_auth_options(TALLOC_CTX *mem_ctx,
krb5_options[KRB5_REALM].opt_name,
krb5_realm));
-
*_opts = talloc_steal(mem_ctx, krb5_options);
ret = EOK;
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index d34f498a0..d28bfc8a9 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -34,6 +34,7 @@ enum ad_basic_opt {
AD_DOMAIN = 0,
AD_SERVER,
AD_HOSTNAME,
+ AD_KEYTAB,
AD_KRB5_REALM,
AD_OPTS_BASIC /* opts counter */
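Review bot: `AD_KEYTAB` is inserted mid-enum, and it only indexes the right entry because the `ad_opts.h` hunk adds `"krb5_keytab"` at the same position in `ad_basic_opts[]`; nothing visible enforces that pairing. A comment on the enum such as `/* order must match ad_basic_opts[] in ad_opts.h */` would make the coupling explicit. If the build allows it, a compile-time check that the table has `AD_OPTS_BASIC + 1` entries (counting `DP_OPTION_TERMINATOR`) would catch a missed update. The enum's closing lines are outside the hunk.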
diff --git a/src/providers/ad/ad_opts.h b/src/providers/ad/ad_opts.h
index b3df14c92..2648044c0 100644
--- a/src/providers/ad/ad_opts.h
+++ b/src/providers/ad/ad_opts.h
@@ -31,6 +31,7 @@ struct dp_option ad_basic_opts[] = {
{ "ad_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ad_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ad_hostname", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING},
DP_OPTION_TERMINATOR
};