rpms / sssd

Clone
Source Code
GIT

Blame SOURCES/0087-IPA-default-krb5_fast_principal-to-host-client-realm.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   9cb92d9417324a0393d82d33d06d4490da76e226
  2.   SOURCES
  3.   0087-IPA-default-krb5_fast_principal-to-host-client-realm.patch
Blob History Raw
2fc102 
From 920e81404bc37e57f2d7613ca9031e2337c1edd0 Mon Sep 17 00:00:00 2001
2fc102 
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
2fc102 
Date: Fri, 14 Feb 2014 11:45:50 +0100
2fc102 
Subject: [PATCH 87/88] IPA: default krb5_fast_principal to host/$client@$realm
2fc102
2fc102 
If krb5_fast_principal is not set in sssd.conf it was set to host/$client,
2fc102 
KRB5 default realm was used which doesn't have to be the same as realm
2fc102 
used for IPA, thus authentication failed when using FAST.
2fc102
2fc102 
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
2fc102 
(cherry picked from commit e325cabe762fad7d696e014a7fdbb47a5cb8174a)
2fc102 
---
2fc102 
 src/providers/ipa/ipa_common.c | 8 +++++---
2fc102 
 1 file changed, 5 insertions(+), 3 deletions(-)
2fc102
2fc102 
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
2fc102 
index e0abd169302406a555728589185b67e0fbbcfe94..d4db1549b3657268381d0e425615c1b389fed23e 100644
2fc102 
--- a/src/providers/ipa/ipa_common.c
2fc102 
+++ b/src/providers/ipa/ipa_common.c
2fc102 
@@ -665,13 +665,15 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts,
2fc102 
     }
2fc102
2fc102 
     /* If krb5_fast_principal was not set explicitly, default to
2fc102 
-     * host/$client_hostname
2fc102 
+     * host/$client_hostname@REALM
2fc102 
      */
2fc102 
     value = dp_opt_get_string(ipa_opts->auth, KRB5_FAST_PRINCIPAL);
2fc102 
     if (value == NULL) {
2fc102 
-        value = talloc_asprintf(ipa_opts->auth, "host/%s",
2fc102 
+        value = talloc_asprintf(ipa_opts->auth, "host/%s@%s",
2fc102 
                                     dp_opt_get_string(ipa_opts->basic,
2fc102 
-                                                      IPA_HOSTNAME));
2fc102 
+                                                      IPA_HOSTNAME),
2fc102 
+                                    dp_opt_get_string(ipa_opts->auth,
2fc102 
+                                                      KRB5_REALM));
2fc102 
         if (value == NULL) {
2fc102 
             DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot set %s!\n",
2fc102 
                      ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name));
2fc102 
--
2fc102 
1.8.5.3
2fc102

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation