authorTimothy Pearson <kb9vqf@pearsoncomputing.net>2015-09-29 13:30:59 -0500
committerTimothy Pearson <kb9vqf@pearsoncomputing.net>2015-09-29 13:30:59 -0500
commit80c65755dc02df84c632a9eba82dae8f8daab67f (patch)
treed9a439d1f7ccc860d427d25da57a0661cc63e2e5
parentd9172dad3c94e373c944d6f4e7a06262ed0329a1 (diff)
Write missing appdefaults section on client machines
-rw-r--r--src/libtdeldap.cpp15
-rw-r--r--src/libtdeldap.h1
2 files changed, 16 insertions, 0 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 37cc76b..772596a 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -4825,6 +4825,21 @@ int LDAPManager::writeClientKrb5ConfFile(LDAPClientRealmConfig clientRealmConfig
stream << "# All changes will be lost!\n";
stream << "\n";
+ // Appdefaults
+ stream << "[appdefaults]\n";
+ if (realmList.begin() != realmList.end()) {
+ LDAPRealmConfig realmcfg = *realmList.begin();
+ TQString ldap_certfile = LDAP_CERT_FILE;
+ TQString ldap_crlfile = LDAP_CERTREVOC_FILE;
+ ldap_certfile.replace("@@@ADMINSERVER@@@", realmcfg.admin_server);
+ ldap_crlfile.replace("@@@ADMINSERVER@@@", realmcfg.admin_server);
+
+ stream << " pkinit_anchors = FILE:" << ldap_certfile << "\n";
+ stream << " pkinit_revoke = FILE:" << ldap_crlfile << "\n";
+ }
+ stream << " pkinit_require_crl_checking = true\n";
+ stream << "\n";
+
// Defaults
stream << "[libdefaults]\n";
stream << " ticket_lifetime = " << clientRealmConfig.ticketLifetime << "\n";
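Review bot: The trust anchor and CRL paths come from `*realmList.begin()`, i.e. whichever realm iterates first, so on a client with more than one realm `pkinit_anchors` may name a different realm's admin server certificate than the default realm needs; picking the entry for the client's default realm would be safer, if `clientRealmConfig` carries one (not visible in this hunk). `pkinit_require_crl_checking = true` is written even when `realmList` is empty, and nothing visible here ensures the `.ldap.crl` file exists on the client, so PKINIT will presumably fail until the CRL is distributed; if that fail-closed behaviour is intended, say so with a comment such as `// CRL checking is mandatory: PKINIT is expected to fail when the CRL file is absent`. `realmcfg.admin_server` is substituted into the path and written to the file unescaped, so if it can originate from directory data it should be rejected when it contains a newline or a path separator before the `replace()` calls. The body of `writeClientKrb5ConfFile` starts and ends outside this hunk.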
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index b404ed7..69e7805 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -59,6 +59,7 @@
#define LDAP_CERT_FILE KERBEROS_PKI_PUBLICDIR "@@@ADMINSERVER@@@.ldap.crt"
#define LDAP_CERTKEY_FILE KERBEROS_PKI_PRIVATEDIR "@@@ADMINSERVER@@@.ldap.key"
#define LDAP_CERTREQ_FILE KERBEROS_PKI_PRIVATEDIR "@@@ADMINSERVER@@@.ldap.req"
+#define LDAP_CERTREVOC_FILE KERBEROS_PKI_PUBLICDIR "@@@ADMINSERVER@@@.ldap.crl"
#define OPENSSL_EXTENSIONS_FILE TDE_CERTIFICATE_DIR "openssl.cfg"