author | Martin Kosek <mkosek@redhat.com> | 2011-08-11 10:42:29 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2011-08-11 22:07:16 +0000 |
commit | a1c690cc02a021bc400be00808dcf8463744c083 (patch) | |
tree | 9000e2da51e399cf278885609cf4438051e14496 /ipa-client | |
parent | bb31d3df2190edef181799bf2c159f4c986fcece (diff) | |
Fix client enrollment
Enable GSSAPI credentials delegation in xmlrpc-c/curl to fix client
enrollment. The unconditional GSSAPI was previously dropped from
curl because of CVE-2011-2192.
https://fedorahosted.org/freeipa/ticket/1452
Diffstat (limited to 'ipa-client')
-rw-r--r-- | ipa-client/ipa-join.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c index 95f2939cd..f6ca69367 100644 --- a/ipa-client/ipa-join.c +++ b/ipa-client/ipa-join.c @@ -149,11 +149,13 @@ callRPC(xmlrpc_env * const envP, curlXportParmsP->no_ssl_verifypeer = 1; curlXportParmsP->no_ssl_verifyhost = 1; curlXportParmsP->cainfo = "/etc/ipa/ca.crt"; + /* Enable GSSAPI credentials delegation */ + curlXportParmsP->gssapi_delegation = 1; clientparms.transport = "curl"; clientparms.transportparmsP = (struct xmlrpc_xportparms *) curlXportParmsP; - clientparms.transportparm_size = XMLRPC_CXPSIZE(cainfo); + clientparms.transportparm_size = XMLRPC_CXPSIZE(gssapi_delegation); xmlrpc_client_create(envP, XMLRPC_CLIENT_NO_FLAGS, NAME, VERSION, &clientparms, sizeof(clientparms), &clientP); |
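Review bot: the added `curlXportParmsP->gssapi_delegation = 1;` in callRPC() turns on credential delegation unconditionally, directly below context lines that set `no_ssl_verifypeer = 1` and `no_ssl_verifyhost = 1`, so TLS does nothing to authenticate the server the credentials are delegated to. The commit message says unconditional delegation was dropped from curl because of CVE-2011-2192, so the code comment should state why this call site needs delegation and that the intended recipient is the IPA server only. Consider also enabling certificate verification against the `cainfo` path that is already set. Separately, `XMLRPC_CXPSIZE(gssapi_delegation)` depends on a struct member that exists only in xmlrpc-c builds with delegation support, so a build-time check for that member would fail more clearly than a compile error in ipa-join.c.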