diff options
author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2015-09-29 13:30:59 -0500 |
---|---|---|
committer | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2015-09-29 13:30:59 -0500 |
commit | 80c65755dc02df84c632a9eba82dae8f8daab67f (patch) | |
tree | d9a439d1f7ccc860d427d25da57a0661cc63e2e5 | |
parent | d9172dad3c94e373c944d6f4e7a06262ed0329a1 (diff) | |
download | libtdeldap-80c65755dc02df84c632a9eba82dae8f8daab67f.tar.gz libtdeldap-80c65755dc02df84c632a9eba82dae8f8daab67f.zip |
Write missing appdefaults section on client machines
-rw-r--r-- | src/libtdeldap.cpp | 15 | ||||
-rw-r--r-- | src/libtdeldap.h | 1 |
2 files changed, 16 insertions, 0 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp index 37cc76b..772596a 100644 --- a/src/libtdeldap.cpp +++ b/src/libtdeldap.cpp @@ -4825,6 +4825,21 @@ int LDAPManager::writeClientKrb5ConfFile(LDAPClientRealmConfig clientRealmConfig stream << "# All changes will be lost!\n"; stream << "\n"; + // Appdefaults + stream << "[appdefaults]\n"; + if (realmList.begin() != realmList.end()) { + LDAPRealmConfig realmcfg = *realmList.begin(); + TQString ldap_certfile = LDAP_CERT_FILE; + TQString ldap_crlfile = LDAP_CERTREVOC_FILE; + ldap_certfile.replace("@@@ADMINSERVER@@@", realmcfg.admin_server); + ldap_crlfile.replace("@@@ADMINSERVER@@@", realmcfg.admin_server); + + stream << " pkinit_anchors = FILE:" << ldap_certfile << "\n"; + stream << " pkinit_revoke = FILE:" << ldap_crlfile << "\n"; + } + stream << " pkinit_require_crl_checking = true\n"; + stream << "\n"; + // Defaults stream << "[libdefaults]\n"; stream << " ticket_lifetime = " << clientRealmConfig.ticketLifetime << "\n"; diff --git a/src/libtdeldap.h b/src/libtdeldap.h index b404ed7..69e7805 100644 --- a/src/libtdeldap.h +++ b/src/libtdeldap.h @@ -59,6 +59,7 @@ #define LDAP_CERT_FILE KERBEROS_PKI_PUBLICDIR "@@@ADMINSERVER@@@.ldap.crt" #define LDAP_CERTKEY_FILE KERBEROS_PKI_PRIVATEDIR "@@@ADMINSERVER@@@.ldap.key" #define LDAP_CERTREQ_FILE KERBEROS_PKI_PRIVATEDIR "@@@ADMINSERVER@@@.ldap.req" +#define LDAP_CERTREVOC_FILE KERBEROS_PKI_PUBLICDIR "@@@ADMINSERVER@@@.ldap.crl" #define OPENSSL_EXTENSIONS_FILE TDE_CERTIFICATE_DIR "openssl.cfg" |