Added krb5.conf.d/ to included dirs in krb5.conf

The include of /etc/krb5.conf.d/ is required for crypto-policies to work properly https://fedorahosted.org/freeipa/ticket/5912 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-05-27 16:12:31 +02:00 · 2016-05-27 16:12:31 +02:00 · 2026677635
commit 2026677635
parent fdd2265bc4
3 changed files with 4 additions and 1 deletions
--- a/client/ipa-client-install
+++ b/client/ipa-client-install
@ -1058,7 +1058,8 @@ def configure_krb5_conf(cli_realm, cli_domain, cli_server, cli_kdc, dnsok,
    krbconf.setIndent(("","  ","    "))

    opts = [{'name':'comment', 'type':'comment', 'value':'File modified by ipa-client-install'},
-            {'name':'empty', 'type':'empty'}]
+            {'name':'empty', 'type':'empty'},
+            {'name':'includedir', 'type':'option', 'value':paths.COMMON_KRB5_CONF_DIR, 'delim':' '}]

    # SSSD include dir
    if options.sssd:
--- a/install/share/krb5.conf.template
+++ b/install/share/krb5.conf.template
@ -1,3 +1,4 @@
+includedir /etc/krb5.conf.d/
 includedir /var/lib/sss/pubconf/krb5.include.d/

 [logging]
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@ -68,6 +68,7 @@ class BasePathNamespace(object):
    DNSSEC_SOFTHSM_PIN_SO = "/etc/ipa/dnssec/softhsm_pin_so"
    IPA_NSSDB_DIR = "/etc/ipa/nssdb"
    IPA_NSSDB_PWDFILE_TXT = "/etc/ipa/nssdb/pwdfile.txt"
+    COMMON_KRB5_CONF_DIR = "/etc/krb5.conf.d/"
    KRB5_CONF = "/etc/krb5.conf"
    KRB5_KEYTAB = "/etc/krb5.keytab"
    LDAP_CONF = "/etc/ldap.conf"