Add krb5_lifetime option

1 files changed, 21 insertions, 1 deletions

diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index 1a62bbe32..7ee4d09f9 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -41,7 +41,8 @@ struct dp_option default_krb5_opts[] = {
     { "krb5_validate", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
     { "krb5_kpasswd", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "krb5_store_password_if_offline", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
-    { "krb5_renewable_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING }
+    { "krb5_renewable_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+    { "krb5_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING }
 };
 
 errno_t check_and_export_options(struct dp_option *opts,
@@ -88,6 +89,25 @@ errno_t check_and_export_options(struct dp_option *opts,
         }
     }
 
+    str = dp_opt_get_string(opts, KRB5_LIFETIME);
+    if (str == NULL) {
+        DEBUG(5, ("No TGT lifetime configured.\n"));
+    } else {
+        ret = krb5_string_to_deltat(str, &lifetime);
+        if (ret != 0) {
+            DEBUG(1, ("Invalid value [%s] for krb5_lifetime.\n",
+                      str));
+            return EINVAL;
+        }
+
+        ret = setenv(SSSD_KRB5_LIFETIME, str, 1);
+        if (ret != EOK) {
+            DEBUG(2, ("setenv [%s] failed.\n",
+                      SSSD_KRB5_LIFETIME));
+            return ret;
+        }
+    }
+
     dummy = dp_opt_get_cstring(opts, KRB5_KDC);
     if (dummy == NULL) {
         DEBUG(1, ("No KDC explicitly configured, using defaults.\n"));