Hello, Proposed patch for bug https://fedorahosted.org/freeipa/ticket/2006
Best regards, Lars
From cd62f50c7adba7eb7e240b9b051b90ba9cb3ce70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lars=20Sj=C3=B6str=C3=B6m?= <[email protected]>
Date: Thu, 20 Oct 2011 09:34:19 +0200
Subject: [PATCH] Add kerberos mapping for clients outside the IPA domain
---
 ipa-client/ipa-install/ipa-client-install | 16 ++++++++++++++--
 1 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 85d7867..fc3437e 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -546,7 +546,7 @@ def hardcode_ldap_server(cli_server):
 return
-def configure_krb5_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, cli_kdc, dnsok, options, filename):
+def configure_krb5_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, cli_kdc, dnsok, options, filename, sys_cli_domain=None):
 krbconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
 krbconf.setOptionAssignment(" = ")
@@ -589,6 +589,12 @@ def configure_krb5_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, c
 #[domain_realm]
 dropts = [{'name':'.'+cli_domain, 'type':'option', 'value':cli_realm}, {'name':cli_domain, 'type':'option', 'value':cli_realm}]
+
+ #add mapping if client is outside of IPA domain
+ if sys_cli_domain:
+ dropts.append({'name':'.'+sys_cli_domain, 'type':'option', 'value':cli_realm})
+ dropts.append({'name':sys_cli_domain, 'type':'option', 'value':cli_realm})
+
 opts.append({'name':'domain_realm', 'type':'section', 'value':dropts})
 opts.append({'name':'empty', 'type':'empty'})
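Review bot: The two entries appended to `dropts` in the `[domain_realm]` hunk map the client's entire DNS domain, and every host under it, to `cli_realm`, which is broader than the commit title's goal of supporting a client outside the IPA domain. From then on this machine will send ticket requests for any service in that domain to the IPA KDC, so if the domain also holds services that belong to another realm, Kerberos to them will likely fail on this client and their names are sent to the IPA KDC. Either restrict the mapping to the client's own FQDN, or make the assumption explicit in the comment, e.g. `# assumes every host in sys_cli_domain belongs to cli_realm`. `configure_krb5_conf` starts and ends outside this hunk, so whether the FQDN is available there is not visible.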
@@ -895,6 +901,12 @@ def install(options, env, fstore, statestore):
 cli_domain = ds.getDomainName()
 logging.debug("will use domain: %s\n", cli_domain)
+ p = hostname.find(".")
+ sys_cli_domain = hostname[p+1:]
+
+ if sys_cli_domain == cli_domain:
+ sys_cli_domain = None
+
 if ret in (ipadiscovery.NO_LDAP_SERVER, ipadiscovery.NOT_IPA_SERVER) \
 or not ds.getServerName(): logging.debug("IPA Server not found")
@@ -1015,7 +1027,7 @@ def install(options, env, fstore, statestore):
 print "Unable to sync time with IPA NTP server, assuming the time is in sync."
 (krb_fd, krb_name) = tempfile.mkstemp()
 os.close(krb_fd)
- if configure_krb5_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, cli_kdc, dnsok, options, krb_name):
+ if configure_krb5_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, cli_kdc, dnsok, options, krb_name, sys_cli_domain):
 print "Test kerberos configuration failed"
 return CLIENT_INSTALL_ERROR
 env['KRB5_CONFIG'] = krb_name
-- 
1.7.6.4
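Review bot: In the `install()` hunk at `-895`, `hostname.find(".")` returns -1 for a hostname without a dot, so `hostname[p+1:]` is the whole short name and it is later written to krb5.conf as if it were a domain. The comparison with `cli_domain` is also case-sensitive, so a hostname that differs from the discovered domain only in case would add a redundant mapping. I would derive the value with `sys_cli_domain = hostname.partition(".")[2].lower() or None` and compare with `if sys_cli_domain == cli_domain.lower():`. Where `hostname` is set is outside the hunk; if it can come from a command-line option or from DNS, it is worth validating before it ends up in the system-wide Kerberos configuration.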
