Add krb5_kpasswd option

1 files changed, 18 insertions, 3 deletions

diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c
index 4d2123815..83129d9c5 100644
--- a/src/providers/krb5/krb5_init.c
+++ b/src/providers/krb5/krb5_init.c
@@ -52,6 +52,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
     unsigned v;
     FILE *debug_filep;
     const char *krb5_servers;
+    const char *krb5_kpasswd_servers;
     const char *krb5_realm;
     const char *errstr;
     int errval;
@@ -98,13 +99,27 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
         return EINVAL;
     }
 
-    ret = krb5_service_init(ctx, bectx, "KRB5", krb5_servers, krb5_realm,
-                            &ctx->service);
+    ret = krb5_service_init(ctx, bectx, SSS_KRB5KDC_FO_SRV, krb5_servers,
+                            krb5_realm, &ctx->service);
     if (ret != EOK) {
-        DEBUG(0, ("Failed to init IPA failover service!\n"));
+        DEBUG(0, ("Failed to init KRB5 failover service!\n"));
         return ret;
     }
 
+    krb5_kpasswd_servers = dp_opt_get_string(ctx->opts, KRB5_KPASSWD);
+    if (krb5_kpasswd_servers == NULL) {
+        DEBUG(0, ("Missing krb5_kpasswd option, using KDC!\n"));
+        ctx->kpasswd_service = NULL;
+    } else {
+        ret = krb5_service_init(ctx, bectx, SSS_KRB5KPASSWD_FO_SRV,
+                                krb5_kpasswd_servers, krb5_realm,
+                                &ctx->kpasswd_service);
+        if (ret != EOK) {
+            DEBUG(0, ("Failed to init KRB5KPASSWD failover service!\n"));
+            return ret;
+        }
+    }
+
     ret = check_and_export_options(ctx->opts, bectx->domain);
     if (ret != EOK) {
         DEBUG(1, ("check_and_export_options failed.\n"));