Commit - SSSD/sssd - e81a816cddab4a62f263d1a0274d5d3f101e8e0f

    Modify principal selection for keytab authentication
    
    Currently we construct the principal as host/fqdn@REALM. The problem
    with this is that this principal doesn't have to be in the keytab. In
    that case the provider fails to start. It is better to scan the keytab
    and find the most suitable principal to use. Only in case no suitable
    principal is found the backend should fail to start.
    
    The second issue solved by this patch is that the realm we are
    authenticating the machine to can be in general different from the realm
    our users are part of (in case of cross Kerberos trust).
    
    The patch adds new configuration option SDAP_SASL_REALM.
    
    https://fedorahosted.org/sssd/ticket/781

src/config/SSSDConfig.py

file modified

+1 -0

src/providers/ipa/ipa_common.c

file modified

+53 -21

src/providers/ipa/ipa_common.h

file modified

+1 -1

src/providers/ldap/ldap_child.c

file modified

+3 -2

src/providers/ldap/ldap_common.c

file modified

+1 -0

src/providers/ldap/sdap.h

file modified

+1 -0

src/providers/ldap/sdap_async_connection.c

file modified

+7 -2

src/providers/ldap/sdap_child_helpers.c

file modified

+7 -2

src/util/sss_krb5.c

file modified

+172 -2

src/util/sss_krb5.h

file modified

+8 -0

SSSD / sssd

Source Code

Documentation

e81a816 Modify principal selection for keytab authentication

10 files Authored by jzeleny 13 years ago, Committed by sgallagh 13 years ago,

`e81a816` Modify principal selection for keytab authentication