From 9677308caa78ed722570aea32f21334b8c27bad3 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mkosek@redhat.com>
Date: Fri, 29 Nov 2013 13:29:20 +0100
Subject: Allow kernel keyring CCACHE when supported

Server and client installer should allow kernel keyring ccache when
supported.

https://fedorahosted.org/freeipa/ticket/4013
---
 ipa-client/ipa-install/ipa-client-install | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'ipa-client/ipa-install/ipa-client-install')

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index c74e6840c..0b9c6e98e 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -44,6 +44,7 @@ try:
         realm_to_suffix)
     import ipapython.services as ipaservices
     from ipapython import ipautil, sysrestore, version, certmonger, ipaldap
+    from ipapython import kernel_keyring
     from ipapython.config import IPAOptionParser
     from ipalib import api, errors
     from ipalib import x509
@@ -952,6 +953,12 @@ def configure_krb5_conf(cli_realm, cli_domain, cli_server, cli_kdc, dnsok,
     libopts.append({'name':'ticket_lifetime', 'type':'option', 'value':'24h'})
     libopts.append({'name':'forwardable', 'type':'option', 'value':'yes'})
 
+    # Configure KEYRING CCACHE if supported
+    if kernel_keyring.is_persistent_keyring_supported():
+        root_logger.debug("Enabling persistent keyring CCACHE")
+        libopts.append({'name':'default_ccache_name', 'type':'option',
+            'value':'KEYRING:persistent:%{uid}'})
+
     opts.append({'name':'libdefaults', 'type':'section', 'value':libopts})
     opts.append({'name':'empty', 'type':'empty'})
 
-- 
cgit