author | Jakub Hrozek <jhrozek@redhat.com> | 2014-02-11 15:36:04 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-02-17 20:58:20 +0100 |
commit | 529c7ade2f7f633fdb80e2f5b2055afd5a017d2f (patch) | |
tree | 5a65c5a99e46d6ac5f37faefd9bc9efd005c0257 /src/providers/ipa | |
parent | a5910c05a1013c9a050f6df3d4c6884e894bf2d9 (diff) | |
IPA: Default to krb5_use_fast=try
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com>
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'src/providers/ipa')
-rw-r--r-- | src/providers/ipa/ipa_common.c | 27 | ||||
-rw-r--r-- | src/providers/ipa/ipa_opts.h | 2 |
2 files changed, 28 insertions, 1 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 671374098..e0abd1693 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -664,6 +664,33 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts,
 dp_opt_get_string(ipa_opts->auth, KRB5_REALM)));
 }
 
+ /* If krb5_fast_principal was not set explicitly, default to
+ * host/$client_hostname
+ */
+ value = dp_opt_get_string(ipa_opts->auth, KRB5_FAST_PRINCIPAL);
+ if (value == NULL) {
+ value = talloc_asprintf(ipa_opts->auth, "host/%s",
+ dp_opt_get_string(ipa_opts->basic,
+ IPA_HOSTNAME));
+ if (value == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot set %s!\n",
+ ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name));
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = dp_opt_set_string(ipa_opts->auth, KRB5_FAST_PRINCIPAL,
+ value);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot set %s!\n",
+ ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name));
+ goto done;
+ }
+
+ DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n",
+ ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name, value));
+ }
+
 /* Set flag that controls whether we want to write the
 * kdcinfo files at all
 */
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index 27dc3e2f9..c46d421ad 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -274,7 +274,7 @@ struct dp_option ipa_def_krb5_opts[] = {
 { "krb5_renewable_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "krb5_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "krb5_renew_interval", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "krb5_use_fast", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "krb5_use_fast", DP_OPT_STRING, { "try" }, NULL_STRING },
 { "krb5_fast_principal", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "krb5_canonicalize", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
 { "krb5_use_enterprise_principal", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, |
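Review bot: The hostname handed to `talloc_asprintf` in the new default branch is never checked for NULL, so if `dp_opt_get_string(ipa_opts->basic, IPA_HOSTNAME)` returns NULL the `%s` conversion receives a null pointer and the FAST principal ends up as a bogus string rather than the misconfiguration being reported. Unless a step outside this hunk guarantees the option is already populated, I would fetch it into a local first and fail early: `hostname = dp_opt_get_string(ipa_opts->basic, IPA_HOSTNAME);` followed by `if (hostname == NULL) { ret = EINVAL; goto done; }`. A smaller point: `value` is allocated on `ipa_opts->auth`, and if `dp_opt_set_string` keeps its own copy (not visible here), the temporary stays allocated for the life of that context; freeing it after the final DEBUG would tidy that up. The body of ipa_get_auth_options starts and ends outside the hunk.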
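Review bot: The new `{ "try" }` default for `krb5_use_fast` is opportunistic, and nothing at the table entry says so. With `try`, authentication presumably continues without armoring when FAST cannot be established, so the default improves protection only where the KDC supports it and does not enforce it. I would add a comment above the entry, `/* "try": use FAST when the KDC supports it, otherwise fall back to unarmored requests; set "demand" to require it */`, and confirm that the sssd-ipa man page states the new default (the diffstat shown is limited to src/providers/ipa, so that is not visible here). The ipa_def_krb5_opts array starts and ends outside the hunk.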