diff options
| author | Pavel Březina <pbrezina@redhat.com> | 2014-02-14 11:45:50 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-02-17 19:24:05 +0100 |
| commit | e325cabe762fad7d696e014a7fdbb47a5cb8174a (patch) | |
| tree | 7e54710a6226c71f9770ab3df97bcfe3392205c9 /src | |
| parent | 5bcb59c94ceb86b4ccd280a5a3f47c16fb08aac3 (diff) | |
| download | sssd-e325cabe762fad7d696e014a7fdbb47a5cb8174a.tar.gz sssd-e325cabe762fad7d696e014a7fdbb47a5cb8174a.tar.xz sssd-e325cabe762fad7d696e014a7fdbb47a5cb8174a.zip | |
IPA: default krb5_fast_principal to host/$client@$realm
If krb5_fast_principal is not set in sssd.conf it was set to host/$client,
KRB5 default realm was used which doesn't have to be the same as realm
used for IPA, thus authentication failed when using FAST.
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/providers/ipa/ipa_common.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index c0b6ee2ea..f84748267 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -666,13 +666,15 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts, } /* If krb5_fast_principal was not set explicitly, default to - * host/$client_hostname + * host/$client_hostname@REALM */ value = dp_opt_get_string(ipa_opts->auth, KRB5_FAST_PRINCIPAL); if (value == NULL) { - value = talloc_asprintf(ipa_opts->auth, "host/%s", + value = talloc_asprintf(ipa_opts->auth, "host/%s@%s", dp_opt_get_string(ipa_opts->basic, - IPA_HOSTNAME)); + IPA_HOSTNAME), + dp_opt_get_string(ipa_opts->auth, + KRB5_REALM)); if (value == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Cannot set %s!\n", ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name); |