https://fedorahosted.org/freeipa/ticket/5912

From 7a55f169181ab8647cd2d919f35c004b14d5bc7f Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slazn...@redhat.com>
Date: Fri, 27 May 2016 16:12:31 +0200
Subject: [PATCH] Added krb5.conf.d/ to included dirs in krb5.conf

The include of /etc/krb5.conf.d/ is required for crypto-policies to work properly

https://fedorahosted.org/freeipa/ticket/5912
---
 client/ipa-client-install        | 3 ++-
 install/share/krb5.conf.template | 1 +
 ipaplatform/base/paths.py        | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/client/ipa-client-install b/client/ipa-client-install
index cff3fbfcdee8690c9466ea339a362edfb151a11a..ddefdbc385b5ac4619debf96610e8a7cdb18fc2e 100755
--- a/client/ipa-client-install
+++ b/client/ipa-client-install
@@ -1058,7 +1058,8 @@ def configure_krb5_conf(cli_realm, cli_domain, cli_server, cli_kdc, dnsok,
     krbconf.setIndent(("","  ","    "))
 
     opts = [{'name':'comment', 'type':'comment', 'value':'File modified by ipa-client-install'},
-            {'name':'empty', 'type':'empty'}]
+            {'name':'empty', 'type':'empty'},
+            {'name':'includedir', 'type':'option', 'value':paths.COMMON_KRB5_CONF_DIR, 'delim':' '}]
 
     # SSSD include dir
     if options.sssd:
diff --git a/install/share/krb5.conf.template b/install/share/krb5.conf.template
index 92431d3fde6afecd0e74803e18724379e8746f9b..f8b256aee690def6c415004df948a34d485578b1 100644
--- a/install/share/krb5.conf.template
+++ b/install/share/krb5.conf.template
@@ -1,3 +1,4 @@
+includedir /etc/krb5.conf.d/
 includedir /var/lib/sss/pubconf/krb5.include.d/
 
 [logging]
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index ca7eb6cf47b4442fa538a47c74846e13c25e02e8..336839b71e446bfc459d3bd5065b4c029b312832 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -68,6 +68,7 @@ class BasePathNamespace(object):
     DNSSEC_SOFTHSM_PIN_SO = "/etc/ipa/dnssec/softhsm_pin_so"
     IPA_NSSDB_DIR = "/etc/ipa/nssdb"
     IPA_NSSDB_PWDFILE_TXT = "/etc/ipa/nssdb/pwdfile.txt"
+    COMMON_KRB5_CONF_DIR = "/etc/krb5.conf.d/"
     KRB5_CONF = "/etc/krb5.conf"
     KRB5_KEYTAB = "/etc/krb5.keytab"
     LDAP_CONF = "/etc/ldap.conf"
-- 
2.5.5

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to