From 9677308caa78ed722570aea32f21334b8c27bad3 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mkosek@redhat.com>
Date: Fri, 29 Nov 2013 13:29:20 +0100
Subject: Allow kernel keyring CCACHE when supported

Server and client installer should allow kernel keyring ccache when
supported.

https://fedorahosted.org/freeipa/ticket/4013
---
 ipaserver/install/krbinstance.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'ipaserver')

diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 2ab97a4d..80d1addb 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -31,6 +31,7 @@ import installutils
 from ipapython import sysrestore
 from ipapython import ipautil
 from ipapython import services as ipaservices
+from ipapython import kernel_keyring
 from ipalib import errors
 from ipapython.ipa_log_manager import *
 from ipapython.dn import DN
@@ -252,6 +253,15 @@ class KrbInstance(service.Service):
             dr_map = ""
         self.sub_dict['OTHER_DOMAIN_REALM_MAPS'] = dr_map
 
+        # Configure KEYRING CCACHE if supported
+        if kernel_keyring.is_persistent_keyring_supported():
+            root_logger.debug("Enabling persistent keyring CCACHE")
+            self.sub_dict['OTHER_LIBDEFAULTS'] = \
+                " default_ccache_name = KEYRING:persistent:%{uid}\n"
+        else:
+            root_logger.debug("Persistent keyring CCACHE is not enabled")
+            self.sub_dict['OTHER_LIBDEFAULTS'] = ''
+
     def __configure_sasl_mappings(self):
         # we need to remove any existing SASL mappings in the directory as otherwise they
         # they may conflict.
-- 
cgit