From 4e2d9fe30bf8b692972a9654c60d2d90ed355815 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Thu, 5 Jul 2012 20:00:37 -0400
Subject: AD: use krb5_keytab for validation and GSSAPI

This simplifies configuration by eliminating the need to
specifiy both krb5_keytab and ldap_krb5_keytab if the keytab is
not located at /etc/krb5.keytab
---
 src/providers/ad/ad_common.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

(limited to 'src/providers/ad/ad_common.c')

diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index d8f8aff6f..185345528 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -426,8 +426,16 @@ ad_get_id_options(struct ad_options *ad_opts,
         desired_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
     }
 
-    keytab_path = dp_opt_get_string(id_opts->basic, SDAP_KRB5_KEYTAB);
-    /* It's okay if this is NULL here */
+    keytab_path = dp_opt_get_string(ad_opts->basic, AD_KEYTAB);
+    if (keytab_path) {
+        ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_KEYTAB,
+                                keytab_path);
+        if (ret != EOK) goto done;
+        DEBUG(SSSDBG_CONF_SETTINGS,
+              ("Option %s set to %s\n",
+               id_opts->basic[SDAP_KRB5_KEYTAB].opt_name,
+               keytab_path));
+    }
 
     ret = select_principal_from_keytab(tmp_ctx,
                                        desired_primary, desired_realm,
@@ -653,7 +661,6 @@ ad_get_auth_options(TALLOC_CTX *mem_ctx,
            krb5_options[KRB5_REALM].opt_name,
            krb5_realm));
 
-
     *_opts = talloc_steal(mem_ctx, krb5_options);
 
     ret = EOK;
-- 
cgit