Check for GSSAPI before attempting to kinit

1 files changed, 12 insertions, 8 deletions

diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
index 86598cac9..dcfb55390 100644
--- a/src/providers/ldap/ldap_init.c
+++ b/src/providers/ldap/ldap_init.c
@@ -60,6 +60,7 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
     struct sdap_id_ctx *ctx;
     const char *urls;
     const char *dns_service_name;
+    const char *sasl_mech;
     int ret;
 
     /* If we're already set up, just return that */
@@ -98,14 +99,17 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
         goto done;
     }
 
-    if (dp_opt_get_bool(ctx->opts->basic, SDAP_KRB5_KINIT)) {
-        ret = sdap_gssapi_init(ctx, ctx->opts->basic,
-                               ctx->be, ctx->service,
-                               &ctx->krb5_service);
-        if (ret !=  EOK) {
-            DEBUG(1, ("sdap_gssapi_init failed [%d][%s].\n",
-                       ret, strerror(ret)));
-            goto done;
+    sasl_mech = dp_opt_get_string(ctx->opts->basic, SDAP_SASL_MECH);
+    if (sasl_mech && strcasecmp(sasl_mech, "GSSAPI") == 0) {
+        if (dp_opt_get_bool(ctx->opts->basic, SDAP_KRB5_KINIT)) {
+            ret = sdap_gssapi_init(ctx, ctx->opts->basic,
+                                   ctx->be, ctx->service,
+                                   &ctx->krb5_service);
+            if (ret !=  EOK) {
+                DEBUG(1, ("sdap_gssapi_init failed [%d][%s].\n",
+                            ret, strerror(ret)));
+                goto done;
+            }
         }
     }