From 07b7b76d7cd494cbd26263503ba2732c21819941 Mon Sep 17 00:00:00 2001
From: Jan Zeleny
Date: Tue, 5 Jun 2012 15:07:10 -0400
Subject: Primary server support: new options in krb5 provider

This patch adds support for new config options krb5_backup_server and krb5_backup_kpasswd. The description of this option's functionality is included in man page in one of previous patches.
---
 src/providers/krb5/krb5_common.h | 2 ++
 src/providers/krb5/krb5_init.c | 17 +++++++++++++----
 src/providers/krb5/krb5_opts.h | 2 ++
 3 files changed, 17 insertions(+), 4 deletions(-)
(limited to 'src/providers/krb5')
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index 337fcf55f..51bd26773 100644
--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
@@ -49,6 +49,7 @@ enum krb5_opts {
 KRB5_KDC = 0,
+ KRB5_BACKUP_KDC,
 KRB5_REALM,
 KRB5_CCACHEDIR,
 KRB5_CCNAME_TMPL,
@@ -56,6 +57,7 @@ enum krb5_opts {
 KRB5_KEYTAB,
 KRB5_VALIDATE,
 KRB5_KPASSWD,
+ KRB5_BACKUP_KPASSWD,
 KRB5_STORE_PASSWORD_IF_OFFLINE,
 KRB5_RENEWABLE_LIFETIME,
 KRB5_LIFETIME,
diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c
index 60c18a8f0..a7b06fdf1 100644
--- a/src/providers/krb5/krb5_init.c
+++ b/src/providers/krb5/krb5_init.c
@@ -61,7 +61,9 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
 struct krb5_ctx *ctx = NULL;
 int ret;
 const char *krb5_servers;
+ const char *krb5_backup_servers;
 const char *krb5_kpasswd_servers;
+ const char *krb5_backup_kpasswd_servers;
 const char *krb5_realm;
 const char *errstr;
 int errval;
@@ -98,9 +100,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
 ctx->opts = krb5_options->opts;
 krb5_servers = dp_opt_get_string(ctx->opts, KRB5_KDC);
- if (krb5_servers == NULL) {
- DEBUG(SSSDBG_CONF_SETTINGS, ("Missing krb5_server option, using service discovery!\n"));
- }
+ krb5_backup_servers = dp_opt_get_string(ctx->opts, KRB5_BACKUP_KDC);
 krb5_realm = dp_opt_get_string(ctx->opts, KRB5_REALM);
 if (krb5_realm == NULL) {
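Review bot: Inserting `KRB5_BACKUP_KDC` here and `KRB5_BACKUP_KPASSWD` in the next hunk in the middle of `enum krb5_opts` renumbers every later member, so each `struct dp_option` table indexed by this enum must gain an entry at the same position. `default_krb5_opts[]` in krb5_opts.h is updated to match in this commit, but this view is limited to src/providers/krb5, so a table kept anywhere else cannot be checked from here. A table left out of step would make lookups such as `KRB5_KEYTAB` or `KRB5_VALIDATE` read a neighbouring option's value without any compile error. I would add a comment above the enum, `/* order must match every dp_option table indexed by this enum */`, and, if the enum ends in a count member (not visible in the hunk), a static assertion on the table sizes.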
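Review bot: A configuration that sets only `krb5_backup_server` is not handled at the `KRB5_BACKUP_KDC` lookup the way the kpasswd case is handled in the following hunk: `krb5_servers` stays NULL and the backup list is passed on unchanged, with no promotion and no log line. The hunk also removes the `Missing krb5_server option, using service discovery!` message, so nothing visible in this function tells an operator that KDC selection has fallen back to service discovery; whether `krb5_service_init` reports either case is not visible in this diff. If it does not, I would keep the message and mirror the kpasswd block, for example `if (krb5_servers == NULL && krb5_backup_servers != NULL) { krb5_servers = krb5_backup_servers; krb5_backup_servers = NULL; }`. The body of `sssm_krb5_auth_init` starts and ends outside the hunk.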
@@ -109,13 +109,22 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
 }
 ret = krb5_service_init(ctx, bectx, SSS_KRB5KDC_FO_SRV, krb5_servers,
- NULL, krb5_realm, &ctx->service);
+ krb5_backup_servers, krb5_realm, &ctx->service);
 if (ret != EOK) {
 DEBUG(0, ("Failed to init KRB5 failover service!\n"));
 return ret;
 }
 krb5_kpasswd_servers = dp_opt_get_string(ctx->opts, KRB5_KPASSWD);
+ krb5_backup_kpasswd_servers = dp_opt_get_string(ctx->opts,
+ KRB5_BACKUP_KPASSWD);
+ if (krb5_kpasswd_servers == NULL && krb5_backup_kpasswd_servers != NULL) {
+ DEBUG(SSSDBG_CONF_SETTINGS, ("kpasswd server wasn't specified but "
+ "backup kpasswd given. Using it as primary\n"));
+ krb5_kpasswd_servers = krb5_backup_kpasswd_servers;
+ krb5_backup_kpasswd_servers = NULL;
+ }
+
 if (krb5_kpasswd_servers == NULL && krb5_servers != NULL) {
 DEBUG(0, ("Missing krb5_kpasswd option and KDC set explicitly, "
 "will use KDC for pasword change operations!\n"));
diff --git a/src/providers/krb5/krb5_opts.h b/src/providers/krb5/krb5_opts.h
index 9de93b0cd..dc9b17648 100644
--- a/src/providers/krb5/krb5_opts.h
+++ b/src/providers/krb5/krb5_opts.h
@@ -27,6 +27,7 @@ struct dp_option default_krb5_opts[] = {
 { "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "krb5_backup_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "krb5_ccachedir", DP_OPT_STRING, { DEFAULT_CCACHE_DIR }, NULL_STRING },
 { "krb5_ccname_template", DP_OPT_STRING, { DEFAULT_CCNAME_TEMPLATE }, NULL_STRING},
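Review bot: `krb5_backup_kpasswd_servers` is fetched in this hunk and promoted when `krb5_kpasswd` is unset, but nothing in the commit hands it to the kpasswd failover service: the diffstat's 13 insertions and 4 deletions for krb5_init.c are all accounted for by the three hunks shown, and the only `krb5_service_init` call they touch is the KDC one. When both `krb5_kpasswd` and `krb5_backup_kpasswd` are configured, the backup list therefore looks like a dead store, and password changes would have no backup server to fail over to. The kpasswd service initialisation lies below this hunk and is not visible; it should receive `krb5_backup_kpasswd_servers` in the argument position where the KDC call now passes `krb5_backup_servers`. The new message also logs at `SSSDBG_CONF_SETTINGS` while its neighbours use `DEBUG(0, ...)`, so the level should be chosen deliberately.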
@@ -34,6 +35,7 @@ struct dp_option default_krb5_opts[] = {
 { "krb5_keytab", DP_OPT_STRING, { "/etc/krb5.keytab" }, NULL_STRING },
 { "krb5_validate", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
 { "krb5_kpasswd", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "krb5_backup_kpasswd", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "krb5_store_password_if_offline", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
 { "krb5_renewable_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "krb5_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING },
-- cgit