diff options
author | Pavel Březina <pbrezina@redhat.com> | 2014-02-14 11:45:50 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-02-17 19:25:09 +0100 |
commit | e83246234cc1236af2db5ed546f24005d5d43c12 (patch) | |
tree | dafd9e7c36fe72ec83c70c82c92884bac4b29a5a /src | |
parent | f22b44fae90fe4f5fdac42cc1b36694567b2449f (diff) | |
download | sssd-e83246234cc1236af2db5ed546f24005d5d43c12.tar.gz sssd-e83246234cc1236af2db5ed546f24005d5d43c12.tar.xz sssd-e83246234cc1236af2db5ed546f24005d5d43c12.zip |
IPA: default krb5_fast_principal to host/$client@$realm
If krb5_fast_principal is not set in sssd.conf it was set to host/$client,
KRB5 default realm was used which doesn't have to be the same as realm
used for IPA, thus authentication failed when using FAST.
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
(cherry picked from commit e325cabe762fad7d696e014a7fdbb47a5cb8174a)
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ipa/ipa_common.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index e0abd1693..d4db1549b 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -665,13 +665,15 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts, } /* If krb5_fast_principal was not set explicitly, default to - * host/$client_hostname + * host/$client_hostname@REALM */ value = dp_opt_get_string(ipa_opts->auth, KRB5_FAST_PRINCIPAL); if (value == NULL) { - value = talloc_asprintf(ipa_opts->auth, "host/%s", + value = talloc_asprintf(ipa_opts->auth, "host/%s@%s", dp_opt_get_string(ipa_opts->basic, - IPA_HOSTNAME)); + IPA_HOSTNAME), + dp_opt_get_string(ipa_opts->auth, + KRB5_REALM)); if (value == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot set %s!\n", ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name)); |