diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2010-07-20 18:35:50 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-08-03 13:50:28 -0400 |
commit | 2f4e8fbdf1d4ba1e00fcab93af91fe4f4f40250d (patch) | |
tree | 555aa8943fe4bf30d52d2dd64bde1fe5692b0b09 /src/util/sss_krb5.h | |
parent | 13d90c2ae8413317947d392c89fffca10ec83587 (diff) | |
download | sssd-2f4e8fbdf1d4ba1e00fcab93af91fe4f4f40250d.tar.gz sssd-2f4e8fbdf1d4ba1e00fcab93af91fe4f4f40250d.tar.xz sssd-2f4e8fbdf1d4ba1e00fcab93af91fe4f4f40250d.zip |
Validate keytab at startup
In addition to validating the keytab everytime a TGT is requested, we
also validate the keytab on back end startup to give early warning that
the keytab is not usable.
Fixes: #556
Diffstat (limited to 'src/util/sss_krb5.h')
-rw-r--r-- | src/util/sss_krb5.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h index 60994e123..bc7a4f8a2 100644 --- a/src/util/sss_krb5.h +++ b/src/util/sss_krb5.h @@ -24,6 +24,7 @@ #include "config.h" #include <stdbool.h> +#include <talloc.h> #ifdef HAVE_KRB5_KRB5_H #include <krb5/krb5.h> @@ -47,4 +48,12 @@ void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name) krb5_error_code check_for_valid_tgt(const char *ccname, const char *realm, const char *client_princ_str, bool *result); + +int sss_krb5_verify_keytab(const char *principal, + const char *realm_str, + const char *keytab_name); + +int sss_krb5_verify_keytab_ex(const char *principal, const char *keytab_name, + krb5_context context, krb5_keytab keytab); + #endif /* __SSS_KRB5_H__ */ |