diff options
| author | Jan Zeleny <jzeleny@redhat.com> | 2010-10-14 09:37:34 +0200 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-10-19 16:02:47 -0400 |
| commit | 7051a30300d12163e890e4ec4b9a765567679a8b (patch) | |
| tree | 96d9f734fef8d052a4747756b11538f18e5d261f /src/config | |
| parent | ed9d7d200bda6f5e1a177054fb483fb48c6ad54e (diff) | |
| download | sssd-7051a30300d12163e890e4ec4b9a765567679a8b.tar.gz sssd-7051a30300d12163e890e4ec4b9a765567679a8b.tar.xz sssd-7051a30300d12163e890e4ec4b9a765567679a8b.zip | |
Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip.
For the time being, if krb5_server is not found, still falls back to
krb5_kdcip with a warning. If both options are present in config file,
krb5_server has a higher priority.
Fixes: #543
Diffstat (limited to 'src/config')
| -rw-r--r-- | src/config/SSSDConfig.py | 2 | ||||
| -rwxr-xr-x | src/config/SSSDConfigTest.py | 8 | ||||
| -rw-r--r-- | src/config/etc/sssd.api.d/sssd-ipa.conf | 1 | ||||
| -rw-r--r-- | src/config/etc/sssd.api.d/sssd-krb5.conf | 1 | ||||
| -rw-r--r-- | src/config/etc/sssd.api.d/sssd-ldap.conf | 1 | ||||
| -rw-r--r-- | src/config/sssd_upgrade_config.py | 4 |
6 files changed, 13 insertions, 4 deletions
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py index 22013eebb..f4734b8c3 100644 --- a/src/config/SSSDConfig.py +++ b/src/config/SSSDConfig.py @@ -93,6 +93,7 @@ option_strings = { # [provider/krb5] 'krb5_kdcip' : _('Kerberos server address'), + 'krb5_server' : _('Kerberos server address'), 'krb5_realm' : _('Kerberos realm'), 'krb5_auth_timeout' : _('Authentication timeout'), @@ -122,6 +123,7 @@ option_strings = { 'ldap_sasl_mech' : _('Specify the sasl mechanism to use'), 'ldap_sasl_authid' : _('Specify the sasl authorization id to use'), 'krb5_kdcip' : _('Kerberos server address'), + 'krb5_server' : _('Kerberos server address'), 'krb5_realm' : _('Kerberos realm'), 'ldap_krb5_keytab' : _('Kerberos service keytab'), 'ldap_krb5_init_creds' : _('Use Kerberos auth for LDAP connection'), diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index f0cfac8b8..39db49dc3 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -541,7 +541,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): backup_list = control_list[:] control_list.extend( - ['krb5_kdcip', + ['krb5_server', 'krb5_realm', 'krb5_kpasswd', 'krb5_ccachedir', @@ -562,6 +562,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): "Option [%s] missing" % option) + control_list.extend(['krb5_kdcip']) + # Ensure that there aren't any unexpected options listed for option in options.keys(): self.assertTrue(option in control_list, @@ -712,6 +714,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): # Test looking up a specific provider type options = domain.list_provider_options('krb5', 'auth') control_list = [ + 'krb5_server', 'krb5_kdcip', 'krb5_realm', 'krb5_kpasswd', @@ -859,7 +862,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): backup_list = control_list[:] control_list.extend( - ['krb5_kdcip', + ['krb5_server', + 'krb5_kdcip', 'krb5_realm', 'krb5_kpasswd', 'krb5_ccachedir', diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf index b559b78dc..001d4fce2 100644 --- a/src/config/etc/sssd.api.d/sssd-ipa.conf +++ b/src/config/etc/sssd.api.d/sssd-ipa.conf @@ -19,6 +19,7 @@ ldap_tls_reqcert = str, None, false ldap_sasl_mech = str, None, false ldap_sasl_authid = str, None, false krb5_kdcip = str, None, false +krb5_server = str, None, false krb5_realm = str, None, false krb5_auth_timeout = int, None, false krb5_kpasswd = str, None, false diff --git a/src/config/etc/sssd.api.d/sssd-krb5.conf b/src/config/etc/sssd.api.d/sssd-krb5.conf index 76ef8b5b4..0c0aa4261 100644 --- a/src/config/etc/sssd.api.d/sssd-krb5.conf +++ b/src/config/etc/sssd.api.d/sssd-krb5.conf @@ -1,5 +1,6 @@ [provider/krb5] krb5_kdcip = str, None, false +krb5_server = str, None, false krb5_realm = str, None, true krb5_auth_timeout = int, None, false krb5_kpasswd = str, None, false diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf index 75eba5866..1f5d7ab2a 100644 --- a/src/config/etc/sssd.api.d/sssd-ldap.conf +++ b/src/config/etc/sssd.api.d/sssd-ldap.conf @@ -14,6 +14,7 @@ ldap_tls_reqcert = str, None, false ldap_sasl_mech = str, None, false ldap_sasl_authid = str, None, false krb5_kdcip = str, None, false +krb5_server = str, None, false krb5_realm = str, None, false ldap_krb5_keytab = str, None, false ldap_krb5_init_creds = bool, None, false diff --git a/src/config/sssd_upgrade_config.py b/src/config/sssd_upgrade_config.py index 62ffe5273..e05226e83 100644 --- a/src/config/sssd_upgrade_config.py +++ b/src/config/sssd_upgrade_config.py @@ -77,7 +77,7 @@ class SSSDConfigFile(SSSDChangeConf): auth_provider = self.findOpts(domain['value'], 'option', 'auth_provider')[1] if auth_provider and auth_provider['value'] == 'krb5': - server = self.findOpts(domain['value'], 'option', 'krb5_kdcip')[1] + server = self.findOpts(domain['value'], 'option', 'krb5_server')[1] if not server or "__srv__" in server['value']: domain['value'].insert(0, dns_domain_name) @@ -201,7 +201,7 @@ class SSSDConfigFile(SSSDChangeConf): 'ldap_netgroup_uuid' : 'netgroupUUID', 'ldap_netgroup_modify_timestamp' : 'netgroupModifyTimestamp', } - krb5_kw = { 'krb5_kdcip' : 'krb5KDCIP', + krb5_kw = { 'krb5_server' : 'krb5KDCIP', 'krb5_realm' : 'krb5REALM', 'krb5_try_simple_upn' : 'krb5try_simple_upn', 'krb5_changepw_principal' : 'krb5changepw_principle', |