diff options
Diffstat (limited to 'src/providers/ldap/sdap_child_helpers.c')
| -rw-r--r-- | src/providers/ldap/sdap_child_helpers.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_child_helpers.c b/src/providers/ldap/sdap_child_helpers.c index 58b757efd..1b1224859 100644 --- a/src/providers/ldap/sdap_child_helpers.c +++ b/src/providers/ldap/sdap_child_helpers.c @@ -29,6 +29,7 @@ #include <fcntl.h> #include "util/util.h" +#include "util/sss_krb5.h" #include "providers/ldap/ldap_common.h" #include "providers/ldap/sdap_async_private.h" #include "providers/child_common.h" @@ -455,6 +456,21 @@ int setup_child(struct sdap_id_ctx *ctx) return EOK; } + if (mech && (strcasecmp(mech, "GSSAPI") == 0)) { + ret = sss_krb5_verify_keytab(dp_opt_get_string(ctx->opts->basic, + SDAP_SASL_AUTHID), + dp_opt_get_string(ctx->opts->basic, + SDAP_KRB5_REALM), + dp_opt_get_string(ctx->opts->basic, + SDAP_KRB5_KEYTAB)); + + if (ret != EOK) { + DEBUG(0, ("Could not verify keytab\n")) + return ret; + } + + } + if (debug_to_file != 0 && ldap_child_debug_fd == -1) { ret = open_debug_file_ex("ldap_child", &debug_filep); if (ret != EOK) { |