Validate Kerberos credentials with local keytab

author: Sumit Bose <sbose@redhat.com> 2009-11-11 14:16:41 +0100
committer: Stephen Gallagher <sgallagh@redhat.com> 2009-11-20 11:18:49 -0500
commit: 9c49fb9a7cb6aa87a7bce1865887d6e4f78ce5fd (patch)
tree: 01eab02d15e4689f6df79dbe7b95d699987ce43b /server/config
parent: eb78b771fe2beefef84295673e36eb3fbb11730a (diff)
download: sssd-9c49fb9a7cb6aa87a7bce1865887d6e4f78ce5fd.tar.gz
sssd-9c49fb9a7cb6aa87a7bce1865887d6e4f78ce5fd.tar.xz
sssd-9c49fb9a7cb6aa87a7bce1865887d6e4f78ce5fd.zip
3 files changed, 11 insertions, 1 deletions
diff --git a/server/config/SSSDConfig.py b/server/config/SSSDConfig.py
index 2de9e7a9f..57d39c7b8 100644
--- a/server/config/SSSDConfig.py
+++ b/server/config/SSSDConfig.py
@@ -91,6 +91,8 @@ option_strings = {
     # [provider/krb5/auth]
     'krb5_ccachedir' : _('Directory to store credential caches'),
     'krb5_ccname_template' : _("Location of the user's credential cache"),
+    'krb5_keytab' : _("Location of the keytab to validate credentials"),
+    'krb5_validate' : _("Enable credential validation"),
 
     # [provider/krb5/chpass]
     'krb5_changepw_principal' : _('The principal of the change password service'),
diff --git a/server/config/SSSDConfigTest.py b/server/config/SSSDConfigTest.py
index e54623342..aca1fbd44 100644
--- a/server/config/SSSDConfigTest.py
+++ b/server/config/SSSDConfigTest.py
@@ -424,6 +424,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
              'krb5_realm',
              'krb5_ccachedir',
              'krb5_ccname_template',
+             'krb5_keytab',
+             'krb5_validate',
              'krb5_auth_timeout'])
 
         options = domain.list_options()
@@ -495,6 +497,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
             'krb5_realm',
             'krb5_ccachedir',
             'krb5_ccname_template',
+            'krb5_keytab',
+            'krb5_validate',
             'krb5_auth_timeout']
 
         self.assertTrue(type(options) == dict,
@@ -631,6 +635,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
              'krb5_realm',
              'krb5_ccachedir',
              'krb5_ccname_template',
+             'krb5_keytab',
+             'krb5_validate',
              'krb5_auth_timeout'])
 
         options = domain.list_options()
diff --git a/server/config/etc/sssd.api.d/sssd-krb5.conf b/server/config/etc/sssd.api.d/sssd-krb5.conf
index 85067e93a..860f8b893 100644
--- a/server/config/etc/sssd.api.d/sssd-krb5.conf
+++ b/server/config/etc/sssd.api.d/sssd-krb5.conf
@@ -6,8 +6,10 @@ krb5_auth_timeout = int, None
 [provider/krb5/auth]
 krb5_ccachedir = str, None
 krb5_ccname_template = str, None
+krb5_keytab = str, None
+krb5_validate = bool, None
 
 [provider/krb5/access]
 
 [provider/krb5/chpass]
-krb5_changepw_principal = str, None
-\ No newline at end of file
+krb5_changepw_principal = str, None
author	Sumit Bose <sbose@redhat.com>	2009-11-11 14:16:41 +0100
committer	Stephen Gallagher <sgallagh@redhat.com>	2009-11-20 11:18:49 -0500
commit	9c49fb9a7cb6aa87a7bce1865887d6e4f78ce5fd (patch)
tree	01eab02d15e4689f6df79dbe7b95d699987ce43b /server/config
parent	eb78b771fe2beefef84295673e36eb3fbb11730a (diff)
download	sssd-9c49fb9a7cb6aa87a7bce1865887d6e4f78ce5fd.tar.gz sssd-9c49fb9a7cb6aa87a7bce1865887d6e4f78ce5fd.tar.xz sssd-9c49fb9a7cb6aa87a7bce1865887d6e4f78ce5fd.zip