From 63bbcff6b00ca09e468f56b764a5ae419624bbfd Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 11 Feb 2014 15:36:04 +0100 Subject: IPA: Default to krb5_use_fast=try MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Lukáš Slebodník Reviewed-by: Pavel Březina Reviewed-by: Nathaniel McCallum Reviewed-by: Alexander Bokovoy --- src/providers/ipa/ipa_common.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'src/providers/ipa/ipa_common.c') diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 4db7c589b..c0b6ee2ea 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -665,6 +665,33 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts, dp_opt_get_string(ipa_opts->auth, KRB5_REALM)); } + /* If krb5_fast_principal was not set explicitly, default to + * host/$client_hostname + */ + value = dp_opt_get_string(ipa_opts->auth, KRB5_FAST_PRINCIPAL); + if (value == NULL) { + value = talloc_asprintf(ipa_opts->auth, "host/%s", + dp_opt_get_string(ipa_opts->basic, + IPA_HOSTNAME)); + if (value == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot set %s!\n", + ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name); + ret = ENOMEM; + goto done; + } + + ret = dp_opt_set_string(ipa_opts->auth, KRB5_FAST_PRINCIPAL, + value); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot set %s!\n", + ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name); + goto done; + } + + DEBUG(SSSDBG_CONF_SETTINGS, "Option %s set to %s\n", + ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name, value); + } + /* Set flag that controls whether we want to write the * kdcinfo files at all */ -- cgit