summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorPavel Březina <pbrezina@redhat.com>2014-02-14 11:45:50 +0100
committerJakub Hrozek <jhrozek@redhat.com>2014-02-17 19:25:09 +0100
commite83246234cc1236af2db5ed546f24005d5d43c12 (patch)
treedafd9e7c36fe72ec83c70c82c92884bac4b29a5a /src
parentf22b44fae90fe4f5fdac42cc1b36694567b2449f (diff)
downloadsssd-e83246234cc1236af2db5ed546f24005d5d43c12.tar.gz
sssd-e83246234cc1236af2db5ed546f24005d5d43c12.tar.xz
sssd-e83246234cc1236af2db5ed546f24005d5d43c12.zip
IPA: default krb5_fast_principal to host/$client@$realm
If krb5_fast_principal is not set in sssd.conf it was set to host/$client, KRB5 default realm was used which doesn't have to be the same as realm used for IPA, thus authentication failed when using FAST. Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com> (cherry picked from commit e325cabe762fad7d696e014a7fdbb47a5cb8174a)
Diffstat (limited to 'src')
-rw-r--r--src/providers/ipa/ipa_common.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index e0abd1693..d4db1549b 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -665,13 +665,15 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts,
}
/* If krb5_fast_principal was not set explicitly, default to
- * host/$client_hostname
+ * host/$client_hostname@REALM
*/
value = dp_opt_get_string(ipa_opts->auth, KRB5_FAST_PRINCIPAL);
if (value == NULL) {
- value = talloc_asprintf(ipa_opts->auth, "host/%s",
+ value = talloc_asprintf(ipa_opts->auth, "host/%s@%s",
dp_opt_get_string(ipa_opts->basic,
- IPA_HOSTNAME));
+ IPA_HOSTNAME),
+ dp_opt_get_string(ipa_opts->auth,
+ KRB5_REALM));
if (value == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot set %s!\n",
ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name));
generated by cgit (git 2.34.1) at 2024-04-19 19:49:48 +0000