dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Source Code
GIT

Blame SOURCES/0086-IPA-Default-to-krb5_use_fast-try.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s
  1.   b0333597cd050e257584476ed01caea9e6e90813
  2.   SOURCES
  3.   0086-IPA-Default-to-krb5_use_fast-try.patch
Blob History Raw
2fc102 
From 529c7ade2f7f633fdb80e2f5b2055afd5a017d2f Mon Sep 17 00:00:00 2001
2fc102 
From: Jakub Hrozek <jhrozek@redhat.com>
2fc102 
Date: Tue, 11 Feb 2014 15:36:04 +0100
2fc102 
Subject: [PATCH 86/88] IPA: Default to krb5_use_fast=try
2fc102 
MIME-Version: 1.0
2fc102 
Content-Type: text/plain; charset=UTF-8
2fc102 
Content-Transfer-Encoding: 8bit
2fc102
2fc102 
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
2fc102 
Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com>
2fc102 
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
2fc102 
---
2fc102 
 src/providers/ipa/ipa_common.c | 27 +++++++++++++++++++++++++++
2fc102 
 src/providers/ipa/ipa_opts.h   |  2 +-
2fc102 
 2 files changed, 28 insertions(+), 1 deletion(-)
2fc102
2fc102 
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
2fc102 
index 671374098afa1f2e00fc9cf1788ba4383b600a1b..e0abd169302406a555728589185b67e0fbbcfe94 100644
2fc102 
--- a/src/providers/ipa/ipa_common.c
2fc102 
+++ b/src/providers/ipa/ipa_common.c
2fc102 
@@ -664,6 +664,33 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts,
2fc102 
                   dp_opt_get_string(ipa_opts->auth, KRB5_REALM)));
2fc102 
     }
2fc102
2fc102 
+    /* If krb5_fast_principal was not set explicitly, default to
2fc102 
+     * host/$client_hostname
2fc102 
+     */
2fc102 
+    value = dp_opt_get_string(ipa_opts->auth, KRB5_FAST_PRINCIPAL);
2fc102 
+    if (value == NULL) {
2fc102 
+        value = talloc_asprintf(ipa_opts->auth, "host/%s",
2fc102 
+                                    dp_opt_get_string(ipa_opts->basic,
2fc102 
+                                                      IPA_HOSTNAME));
2fc102 
+        if (value == NULL) {
2fc102 
+            DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot set %s!\n",
2fc102 
+                     ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name));
2fc102 
+            ret = ENOMEM;
2fc102 
+            goto done;
2fc102 
+        }
2fc102 
+
2fc102 
+        ret = dp_opt_set_string(ipa_opts->auth, KRB5_FAST_PRINCIPAL,
2fc102 
+                                value);
2fc102 
+        if (ret != EOK) {
2fc102 
+            DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot set %s!\n",
2fc102 
+                     ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name));
2fc102 
+            goto done;
2fc102 
+        }
2fc102 
+
2fc102 
+        DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n",
2fc102 
+              ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name, value));
2fc102 
+    }
2fc102 
+
2fc102 
     /* Set flag that controls whether we want to write the
2fc102 
      * kdcinfo files at all
2fc102 
      */
2fc102 
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
2fc102 
index 27dc3e2f977383836c18cb824abceb03c9e9056c..c46d421ad0bfb9272cbdadbfeea5ebcf65a7deb1 100644
2fc102 
--- a/src/providers/ipa/ipa_opts.h
2fc102 
+++ b/src/providers/ipa/ipa_opts.h
2fc102 
@@ -274,7 +274,7 @@ struct dp_option ipa_def_krb5_opts[] = {
2fc102 
     { "krb5_renewable_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING },
2fc102 
     { "krb5_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING },
2fc102 
     { "krb5_renew_interval", DP_OPT_STRING, NULL_STRING, NULL_STRING },
2fc102 
-    { "krb5_use_fast", DP_OPT_STRING, NULL_STRING, NULL_STRING },
2fc102 
+    { "krb5_use_fast", DP_OPT_STRING, { "try" }, NULL_STRING },
2fc102 
     { "krb5_fast_principal", DP_OPT_STRING, NULL_STRING, NULL_STRING },
2fc102 
     { "krb5_canonicalize", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
2fc102 
     { "krb5_use_enterprise_principal", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
2fc102 
--
2fc102 
1.8.5.3
2fc102

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation