AD: use krb5_keytab for subdomain initialization

During the initialization of AD subdomains parameters like the SASL auth
id are determined. Since subdomains use a default set of the AD specific
configuration options the default keytab will be used. If krb5_keytab is
set in sssd.conf for the AD domain this keytab should be used for the
subdomains (domains of the same AD forest) as well.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

1 files changed, 2 insertions, 1 deletions

diff --git a/src/providers/ipa/ipa_subdomains_server.c b/src/providers/ipa/ipa_subdomains_server.c
index 33c76cad9..b870d5552 100644
--- a/src/providers/ipa/ipa_subdomains_server.c
+++ b/src/providers/ipa/ipa_subdomains_server.c
@@ -176,7 +176,8 @@ static struct ad_options *ipa_ad_options_new(struct ipa_id_ctx *id_ctx,
         ad_options = ad_create_2way_trust_options(id_ctx,
                                                   id_ctx->server_mode->realm,
                                                   subdom->name,
-                                                  id_ctx->server_mode->hostname);
+                                                  id_ctx->server_mode->hostname,
+                                                  NULL);
     } else if (direction & LSA_TRUST_DIRECTION_INBOUND) {
         ad_options = ipa_create_1way_trust_ctx(id_ctx, forest,
                                                forest_realm, subdom);