Add option to specify the kerberos replay cache dir

Adds a configure option to set the distribution default as well as
an sssd.conf option to override it.

https://fedorahosted.org/sssd/ticket/980

1 files changed, 31 insertions, 0 deletions

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index dd0998418..0e16b78f7 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -55,6 +55,11 @@
  * monitor will get crazy hammering children with messages */
 #define MONITOR_DEF_PING_TIME 10
 
+/* Special value to leave the Kerberos Replay Cache set to use
+ * the libkrb5 defaults
+ */
+#define KRB5_RCACHE_DIR_DISABLE "__LIBKRB5_DEFAULTS__"
+
 int cmdline_debug_level;
 int cmdline_debug_timestamps;
 
@@ -1926,8 +1931,34 @@ int monitor_process_init(struct mt_ctx *ctx,
     struct sysdb_ctx_list *db_list;
     struct tevent_signal *tes;
     struct sss_domain_info *dom;
+    char *rcachedir;
     int num_providers;
     int ret;
+    int error;
+
+    /* Set up the environment variable for the Kerberos Replay Cache */
+    ret = confdb_get_string(ctx->cdb, ctx,
+                            CONFDB_MONITOR_CONF_ENTRY,
+                            CONFDB_MONITOR_KRB5_RCACHEDIR,
+                            KRB5_RCACHE_DIR,
+                            &rcachedir);
+    if (ret != EOK) {
+        return ret;
+    }
+
+    if (strcmp(rcachedir, KRB5_RCACHE_DIR_DISABLE) != 0)
+    {
+        errno = 0;
+        ret = setenv("KRB5RCACHEDIR", rcachedir, 1);
+        if (ret < 0) {
+            error = errno;
+            DEBUG(1,
+                  ("Unable to set KRB5RCACHEDIR: %s."
+                   "Will attempt to use libkrb5 defaults\n",
+                   strerror(error)));
+        }
+        talloc_zfree(rcachedir);
+    }
 
     /* Set up an event handler for a SIGHUP */
     tes = tevent_add_signal(ctx->ev, ctx, SIGHUP, 0,