diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2014-02-11 15:36:04 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-02-13 19:24:53 +0100 |
| commit | 63bbcff6b00ca09e468f56b764a5ae419624bbfd (patch) | |
| tree | fd4c0dc4d9f45af0c88c46638f90b8feecfb8dc0 /src | |
| parent | 17bc702a8aa0858647a628c3e9702f2dd698fd82 (diff) | |
| download | sssd-63bbcff6b00ca09e468f56b764a5ae419624bbfd.tar.gz sssd-63bbcff6b00ca09e468f56b764a5ae419624bbfd.tar.xz sssd-63bbcff6b00ca09e468f56b764a5ae419624bbfd.zip | |
IPA: Default to krb5_use_fast=try
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com>
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/providers/ipa/ipa_common.c | 27 | ||||
| -rw-r--r-- | src/providers/ipa/ipa_opts.h | 2 |
2 files changed, 28 insertions, 1 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 4db7c589b..c0b6ee2ea 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -665,6 +665,33 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts, dp_opt_get_string(ipa_opts->auth, KRB5_REALM)); } + /* If krb5_fast_principal was not set explicitly, default to + * host/$client_hostname + */ + value = dp_opt_get_string(ipa_opts->auth, KRB5_FAST_PRINCIPAL); + if (value == NULL) { + value = talloc_asprintf(ipa_opts->auth, "host/%s", + dp_opt_get_string(ipa_opts->basic, + IPA_HOSTNAME)); + if (value == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot set %s!\n", + ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name); + ret = ENOMEM; + goto done; + } + + ret = dp_opt_set_string(ipa_opts->auth, KRB5_FAST_PRINCIPAL, + value); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot set %s!\n", + ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name); + goto done; + } + + DEBUG(SSSDBG_CONF_SETTINGS, "Option %s set to %s\n", + ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name, value); + } + /* Set flag that controls whether we want to write the * kdcinfo files at all */ diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h index bf9f3bc42..909c431ee 100644 --- a/src/providers/ipa/ipa_opts.h +++ b/src/providers/ipa/ipa_opts.h @@ -275,7 +275,7 @@ struct dp_option ipa_def_krb5_opts[] = { { "krb5_renewable_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_renew_interval", DP_OPT_STRING, NULL_STRING, NULL_STRING }, - { "krb5_use_fast", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "krb5_use_fast", DP_OPT_STRING, { "try" }, NULL_STRING }, { "krb5_fast_principal", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_canonicalize", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, { "krb5_use_enterprise_principal", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, |