Overview

File 0014-contrib-sssd-krb5-configuration-snippet.patch of Package sssd.41684

From b9d46048caefefe2bcde8a53cc982d9d11f24f13 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Mon, 29 Nov 2021 16:16:36 +0100
Subject: [PATCH] contrib: sssd krb5 configuration snippet
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add a configuration snippet for krb5 that points to the folder where the
sssd configuration for this service is located. This will enable
passwordless (GSSAPI) ssh to work without any sssd configuration change.

Resolves: https://github.com/SSSD/sssd/issues/5893

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

Reviewed-by: Tomáš Halman <thalman@redhat.com>
---
 Makefile.am                  | 3 +++
 contrib/enable_sssd_conf_dir | 5 +++++
 contrib/sssd.spec.in         | 7 +++++++
 3 files changed, 15 insertions(+)
 create mode 100644 contrib/enable_sssd_conf_dir

diff --git a/Makefile.am b/Makefile.am
index 1dd06d74c..a14801c95 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -57,6 +57,7 @@ sssdconfdir = $(sysconfdir)/sssd
 sssddatadir = $(datadir)/sssd
 sssdapiplugindir = $(sssddatadir)/sssd.api.d
 sssdtapscriptdir = $(sssddatadir)/systemtap
+krb5snippetsdir = $(sssddatadir)/krb5-snippets
 dbuspolicydir = $(sysconfdir)/dbus-1/system.d
 dbusservicedir = $(datadir)/dbus-1/system-services
 sss_statedir = $(localstatedir)/lib/sss
@@ -4831,6 +4832,8 @@ sssd_krb5_localauth_plugin_la_LDFLAGS = \
     -module
 endif
 
+dist_krb5snippets_DATA = contrib/enable_sssd_conf_dir
+
 sssd_pac_plugin_la_SOURCES = \
     src/sss_client/sssd_pac.c \
     src/sss_client/common.c \
diff --git a/contrib/enable_sssd_conf_dir b/contrib/enable_sssd_conf_dir
new file mode 100644
index 000000000..41536579c
--- /dev/null
+++ b/contrib/enable_sssd_conf_dir
@@ -0,0 +1,5 @@
+# This file should normally be installed by your distribution into a
+# directory that is included from the Kerberos configuration file (/etc/krb5.conf)
+# On Fedora/RHEL/CentOS, this is /etc/krb5.conf.d/
+
+includedir /var/lib/sss/pubconf/krb5.include.d/
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index e2877b64b..2701345ed 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -541,6 +541,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d
 cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \
    $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache
 
+# krb5 configuration snippet
+cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir \
+   $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir
+
 # Create directory for cifs-idmap alternative
 # Otherwise this directory could not be owned by sssd-client
 mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/cifs-utils
@@ -767,6 +771,9 @@ done
 %license COPYING
 %{_libdir}/%{name}/libsss_krb5.so
 %{_mandir}/man5/sssd-krb5.5*
+%config(noreplace) %{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir
+%dir %{_datadir}/sssd/krb5-snippets
+%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir
 
 %files common-pac
 %license COPYING
-- 
2.51.1
openSUSE Build Service is sponsored by
Places