From: Andreas Schneider Date: Wed, 23 Nov 2016 13:40:42 +0000 (+0100) Subject: s3:libads: Include system /etc/krb5.conf if we use MIT Kerberos X-Git-Tag: samba-4.4.10~82 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=12837101208be63b73245cd5eb2df882b55a52ca;p=thirdparty%2Fsamba.git s3:libads: Include system /etc/krb5.conf if we use MIT Kerberos The system /etc/krb5.conf defines some defaults like: default_ccache_name = KEYRING:persistent:%{uid} We need to respect that so should include it in our own created krb5.conf file. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12441 Signed-off-by: Andreas Schneider Reviewed-by: Alexander Bokovoy (cherry picked from commit 4ef772be3a7259b48253643392574fab28c37916) --- diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 4774a9fc726..94ff95cca31 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -844,6 +844,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, char *realm_upper = NULL; bool result = false; char *aes_enctypes = NULL; + const char *include_system_krb5 = ""; mode_t mask; if (!lp_create_krb5_conf()) { @@ -912,6 +913,12 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, } #endif +#if !defined(SAMBA4_USES_HEIMDAL) + if (lp_include_system_krb5_conf()) { + include_system_krb5 = "include /etc/krb5.conf"; + } +#endif + file_contents = talloc_asprintf(fname, "[libdefaults]\n\tdefault_realm = %s\n" "\tdefault_tgs_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n" @@ -919,9 +926,11 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, "\tpreferred_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n" "\tdns_lookup_realm = false\n\n" "[realms]\n\t%s = {\n" - "%s\t}\n", + "%s\t}\n" + "%s\n", realm_upper, aes_enctypes, aes_enctypes, aes_enctypes, - realm_upper, kdc_ip_string); + realm_upper, kdc_ip_string, + include_system_krb5); if (!file_contents) { goto done;