From 1b224723e8db9699835ad58d6f589328f928e14e Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Mon, 17 Jun 2013 12:33:05 +0200
Subject: Set default realm for enterprise principals

Enterprise principals require that a default realm is available. To make SSSD more robust in the case that the default realm option is missing in krb5.conf or to allow SSSD to work with multiple unconnected realms (e.g. AD domains without trust between them) the default realm will be set explicitly.

Fixes https://fedorahosted.org/sssd/ticket/1931
---
 src/providers/krb5/krb5_child.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'src/providers/krb5/krb5_child.c')
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index ac9a905fe..e9fbfbeaf 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -1943,6 +1943,18 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline)
 }
 }
 
+ /* Enterprise principals require that a default realm is available. To
+ * make SSSD more robust in the case that the default realm option is
+ * missing in krb5.conf or to allow SSSD to work with multiple unconnected
+ * realms (e.g. AD domains without trust between them) the default realm
+ * will be set explicitly. */
+ if (kr->use_enterprise_princ) {
+ kerr = krb5_set_default_realm(kr->ctx, kr->realm);
+ if (kerr != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_set_default_realm failed.\n"));
+ }
+ }
+
 parse_flags = kr->use_enterprise_princ ? KRB5_PRINCIPAL_PARSE_ENTERPRISE : 0;
 kerr = sss_krb5_parse_name_flags(kr->ctx, kr->upn, parse_flags, &kr->princ);
 if (kerr != 0) {
-- cgit
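Review bot: When krb5_set_default_realm() fails, the new block in k5c_setup only logs and falls through to sss_krb5_parse_name_flags() with KRB5_PRINCIPAL_PARSE_ENTERPRISE, so the enterprise principal is parsed with whatever default realm the library context already has, or none. In the multi-realm setup the commit message describes, that could presumably qualify the principal with a realm other than kr->realm, and any later failure would be hard to trace back to this call. Consider failing closed with `return kerr;` after the log line, or add a comment stating why continuing is safe. The log message should also carry the error code, e.g. `DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_set_default_realm failed [%d].\n", kerr));`. k5c_setup starts and ends outside the hunk, so any cleanup needed on an early return has to be checked against the rest of the function.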