summaryrefslogtreecommitdiffstats
path: root/src/providers/ipa/ipa_subdomains.c
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2016-07-05 11:25:59 +0200
committerSumit Bose <sbose@redhat.com>2016-07-05 12:03:57 +0200
commit8b27ace5c972b82cde1e9a6d6f771f28a2999e39 (patch)
tree5cc635385247e22e6bbd1f44415a517a38a51f88 /src/providers/ipa/ipa_subdomains.c
parent66ee2f40d0c9b526df8fa9ba7061772237b5d9e6 (diff)
downloadsssd-8b27ace5c972b82cde1e9a6d6f771f28a2999e39.tar.gz
sssd-8b27ace5c972b82cde1e9a6d6f771f28a2999e39.tar.xz
sssd-8b27ace5c972b82cde1e9a6d6f771f28a2999e39.zip
IPA/AD: globally set krb5 canonicalization flagipa_automatic_enterprise
If Kerberos principal canonicalization is configured in SSSD, currently it is the default for the IPA provider, a configuration snippet is generated for the system-wide libkrb5 configuration so that all kerberized applications will use canonicalization by default. Resolves https://fedorahosted.org/sssd/ticket/3041
Diffstat (limited to 'src/providers/ipa/ipa_subdomains.c')
-rw-r--r--src/providers/ipa/ipa_subdomains.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index f36e1bc69..4a3a69161 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -78,8 +78,11 @@ ipa_subdom_reinit(struct ipa_subdomains_ctx *ctx)
"Re-initializing domain %s\n", ctx->be_ctx->domain->name);
ret = sss_write_krb5_conf_snippet(
- dp_opt_get_string(ctx->ipa_id_ctx->ipa_options->basic,
- IPA_KRB5_CONFD_PATH));
+ dp_opt_get_string(ctx->ipa_id_ctx->ipa_options->basic,
+ IPA_KRB5_CONFD_PATH),
+ dp_opt_get_bool(
+ ctx->ipa_id_ctx->ipa_options->auth_ctx->krb5_auth_ctx->opts,
+ KRB5_CANONICALIZE));
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE, "sss_write_krb5_conf_snippet failed.\n");
/* Just continue */
generated by cgit (git 2.34.1) at 2024-05-22 15:52:33 +0000