[Freeipa-devel] [PATCH] 29 Configure SSSD to store password if offline

Wed, 13 Jul 2011 04:05:47 -0700

Enable the krb5_store_password_if_offline option in sssd.conf by default. To turn it off, use --no-krb5-offline-passwords option in ipa-client-install. 

https://fedorahosted.org/freeipa/ticket/1359

Honza

--
Jan Cholasta

>From 7cd7a371fa85410f2dd22250ed9473a6a28ab71e Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Tue, 28 Jun 2011 14:19:51 +0200
Subject: [PATCH] Configure SSSD to store user password if offline.

ticket 1359
---
 ipa-client/ipa-install/ipa-client-install |    4 ++++
 ipa-client/man/ipa-client-install.1       |    3 +++
 2 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 884dd21..6bdeb87 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -90,6 +90,8 @@ def parse_options():
                       help="The hostname of this server (FQDN). By default of nodename from uname(2) is used.")
     parser.add_option("", "--enable-dns-updates", dest="dns_updates", action="store_true", default=False,
                       help="Configures the machine to attempt dns updates when the ip address changes.")
+    parser.add_option("--no-krb5-offline-passwords", dest="krb5_offline_passwords", action="store_false",
+                      help="Configure SSSD not to store user password when the server is offline", default=True)
 
     options, args = parser.parse_args()
     safe_opts = parser.get_safe_opts(options)
@@ -550,6 +552,8 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options):
 
     if options.dns_updates:
         domain.set_option('ipa_dyndns_update', True)
+    if options.krb5_offline_passwords:
+        domain.set_option('krb5_store_password_if_offline', True)
 
     domain.set_active(True)
 
diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1
index 40d53a8..e689177 100644
--- a/ipa-client/man/ipa-client-install.1
+++ b/ipa-client/man/ipa-client-install.1
@@ -81,6 +81,9 @@ The hostname of this server (FQDN). By default of nodename from uname(2) is used
 .TP
 \fB\-\-enable\-dns\-updates\fR
 This option tells SSSD to automatically update DNS with the IP address of this client.
+.TP
+\fB\-\-no\-krb5\-offline\-passwords\fR
+Configure SSSD not to store user password when the server is offline.
 .SH "EXIT STATUS"
 0 if the installation was successful
 
-- 
1.7.4.4


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to