diff options
author | Sumit Bose <sbose@redhat.com> | 2016-02-17 16:40:57 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-02-23 12:30:24 +0100 |
commit | 763f24777fe3c9be4efe495077e7bb1feb99a3bd (patch) | |
tree | 1aa814b91d77bd96afefa1b0ab71036ceb22c184 /src/providers | |
parent | f6c1f6a561bdd5b4bba03c02988a724da3dad387 (diff) | |
download | sssd-763f24777fe3c9be4efe495077e7bb1feb99a3bd.tar.gz sssd-763f24777fe3c9be4efe495077e7bb1feb99a3bd.tar.xz sssd-763f24777fe3c9be4efe495077e7bb1feb99a3bd.zip |
subdomains: inherit ldap_krb5_keytab
If a non-default keytab is configured for the parent domain the
subdomains will still use the default keytab because the alternative
keytab is not inherited. As a consequence SSSD might not be able to
connect to services in the subdomain because the default keytab is
either not present or does not have suitable keys.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ldap/sdap.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c index c0863a6d5..888cbb509 100644 --- a/src/providers/ldap/sdap.c +++ b/src/providers/ldap/sdap.c @@ -250,6 +250,7 @@ static void sdap_inherit_basic_options(char **inherit_opt_list, int inherit_options[] = { SDAP_PURGE_CACHE_TIMEOUT, SDAP_AD_USE_TOKENGROUPS, + SDAP_KRB5_KEYTAB, SDAP_OPTS_BASIC /* sentinel */ }; int i; |