diff options
author | Stephen Gallagher <sgallagh@redhat.com> | 2012-07-05 20:00:37 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-07-06 11:44:46 -0400 |
commit | 4e2d9fe30bf8b692972a9654c60d2d90ed355815 (patch) | |
tree | 16282fce5ead3a6e432e0b4a5424afabf7fd25c9 /src/providers/ad/ad_common.c | |
parent | 9496a68ca035e9ef7a8077d17bdda0f497a11ecb (diff) | |
download | sssd-4e2d9fe30bf8b692972a9654c60d2d90ed355815.tar.gz sssd-4e2d9fe30bf8b692972a9654c60d2d90ed355815.tar.xz sssd-4e2d9fe30bf8b692972a9654c60d2d90ed355815.zip |
AD: use krb5_keytab for validation and GSSAPI
This simplifies configuration by eliminating the need to
specifiy both krb5_keytab and ldap_krb5_keytab if the keytab is
not located at /etc/krb5.keytab
Diffstat (limited to 'src/providers/ad/ad_common.c')
-rw-r--r-- | src/providers/ad/ad_common.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c index d8f8aff6f..185345528 100644 --- a/src/providers/ad/ad_common.c +++ b/src/providers/ad/ad_common.c @@ -426,8 +426,16 @@ ad_get_id_options(struct ad_options *ad_opts, desired_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM); } - keytab_path = dp_opt_get_string(id_opts->basic, SDAP_KRB5_KEYTAB); - /* It's okay if this is NULL here */ + keytab_path = dp_opt_get_string(ad_opts->basic, AD_KEYTAB); + if (keytab_path) { + ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_KEYTAB, + keytab_path); + if (ret != EOK) goto done; + DEBUG(SSSDBG_CONF_SETTINGS, + ("Option %s set to %s\n", + id_opts->basic[SDAP_KRB5_KEYTAB].opt_name, + keytab_path)); + } ret = select_principal_from_keytab(tmp_ctx, desired_primary, desired_realm, @@ -653,7 +661,6 @@ ad_get_auth_options(TALLOC_CTX *mem_ctx, krb5_options[KRB5_REALM].opt_name, krb5_realm)); - *_opts = talloc_steal(mem_ctx, krb5_options); ret = EOK; |