s3:libads: Include system /etc/krb5.conf if we use MIT Kerberos
authorAndreas Schneider <asn@samba.org>
Wed, 23 Nov 2016 13:40:42 +0000 (14:40 +0100)
committerKarolin Seeger <kseeger@samba.org>
Mon, 9 Jan 2017 09:44:38 +0000 (10:44 +0100)
The system /etc/krb5.conf defines some defaults like:

    default_ccache_name = KEYRING:persistent:%{uid}

We need to respect that, so we should include it in the krb5.conf
file that we create ourselves.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12441

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 4ef772be3a7259b48253643392574fab28c37916)

source3/libads/kerberos.c

index 4774a9fc726e009fe4c40928143a7977df63ddf1..94ff95cca317f7c60a282be9b5bb1f789f92003d 100644 (file)
@@ -844,6 +844,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
        char *realm_upper = NULL;
        bool result = false;
        char *aes_enctypes = NULL;
+       const char *include_system_krb5 = "";
        mode_t mask;
 
        if (!lp_create_krb5_conf()) {
@@ -912,6 +913,12 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
        }
 #endif
 
+#if !defined(SAMBA4_USES_HEIMDAL)
+       if (lp_include_system_krb5_conf()) {
+               include_system_krb5 = "include /etc/krb5.conf";
+       }
+#endif
+
        file_contents = talloc_asprintf(fname,
                                        "[libdefaults]\n\tdefault_realm = %s\n"
                                        "\tdefault_tgs_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
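Review bot: The added `include_system_krb5 = "include /etc/krb5.conf";` hard-codes the path and writes the directive without checking that the file exists or is readable. If MIT's profile parser rejects a configuration whose include target cannot be opened (I believe it does, but this should be confirmed), the generated private krb5.conf becomes unusable on hosts that lack the file or keep it elsewhere. A guard such as `if (lp_include_system_krb5_conf() && access("/etc/krb5.conf", R_OK) == 0) {` would avoid that, and a debug message when the include is skipped would help diagnosis. The enclosing function starts and ends outside this hunk.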
@@ -919,9 +926,11 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
                                        "\tpreferred_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
                                        "\tdns_lookup_realm = false\n\n"
                                        "[realms]\n\t%s = {\n"
-                                       "%s\t}\n",
+                                       "%s\t}\n"
+                                       "%s\n",
                                        realm_upper, aes_enctypes, aes_enctypes, aes_enctypes,
-                                       realm_upper, kdc_ip_string);
+                                       realm_upper, kdc_ip_string,
+                                       include_system_krb5);
 
        if (!file_contents) {
                goto done;
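Review bot: The include directive is emitted as the last line of the generated file, after the `[realms]` block, and nothing documents why it sits there or what it lets the system file influence. Once it is present, any `[libdefaults]` key this template does not set itself is taken from /etc/krb5.conf, as are realm and KDC entries for other realms, so the private file no longer fully pins the Kerberos client policy. The visible template lines set only default_realm, the enctype lists and dns_lookup_realm. I would add a comment above the format string along the lines of `/* include the system krb5.conf last: values generated above are read first, but it can still supply settings we do not set */`, after confirming that MIT resolves duplicate relations first-match. The talloc_asprintf call begins in the previous hunk and the function continues past this one.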