From 7051a30300d12163e890e4ec4b9a765567679a8b Mon Sep 17 00:00:00 2001 From: Jan Zeleny Date: Thu, 14 Oct 2010 09:37:34 +0200 Subject: Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip. For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543 --- src/providers/ipa/ipa_common.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'src/providers/ipa/ipa_common.c') diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 95d99de8..758bf9de 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -129,7 +129,7 @@ struct sdap_attr_map ipa_netgroup_map[] = { }; struct dp_option ipa_def_krb5_opts[] = { - { "krb5_kdcip", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_ccachedir", DP_OPT_STRING, { "/tmp" }, NULL_STRING }, { "krb5_ccname_template", DP_OPT_STRING, { "FILE:%d/krb5cc_%U_XXXXXX" }, NULL_STRING}, @@ -437,6 +437,14 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts, goto done; } + /* If there is no KDC, try the deprecated krb5_kdcip option, too */ + /* FIXME - this can be removed in a future version */ + ret = krb5_try_kdcip(ipa_opts, cdb, conf_path, ipa_opts->auth); + if (ret != EOK) { + DEBUG(1, ("sss_krb5_try_kdcip failed.\n")); + goto done; + } + /* set krb realm */ if (NULL == dp_opt_get_string(ipa_opts->auth, KRB5_REALM)) { value = dp_opt_get_string(ipa_opts->basic, IPA_DOMAIN); -- cgit