From 4d48b172ab06692e9f23b24c120b61465f43c94b Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand
Date: Sun, 22 Nov 2009 00:28:13 -0800
Subject: [PATCH] add pkinit configration for btmm
---
 kdc/config.c | 33 +++++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)
diff --git a/kdc/config.c b/kdc/config.c
index 61ef3f4e4..92a58622f 100644
--- a/kdc/config.c
+++ b/kdc/config.c
@@ -1,9 +1,10 @@
 /*
 * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
- *
 * All rights reserved.
 *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -215,7 +216,7 @@ configure(krb5_context context, int argc, char **argv)
 if (ret)
 krb5_err(context, 1, ret, "krb5_kdc_default_config");
- kdc_openlog(context, config);
+ kdc_openlog(context, "kdc", config);
 ret = krb5_kdc_set_dbinfo(context, config);
 if (ret)
@@ -334,5 +335,33 @@ configure(krb5_context context, int argc, char **argv)
 krb5_kdc_windc_init(context);
+#ifdef __APPLE__
+ config->enable_pkinit = 1;
+
+ if (config->pkinit_kdc_friendly_name == NULL)
+ config->pkinit_kdc_friendly_name =
+ strdup("O=System Identity,CN=com.apple.kerberos.kdc");
+ if (config->pkinit_kdc_identity == NULL)
+ config->pkinit_kdc_identity = strdup("KEYCHAIN:");
+ if (config->pkinit_kdc_anchors == NULL)
+ config->pkinit_kdc_anchors = strdup("KEYCHAIN:");
+
+#endif
+
+ if (config->enable_pkinit) {
+ if (config->pkinit_kdc_identity == NULL)
+ krb5_errx(context, 1, "pkinit enabled but no identity");
+
+ if (config->pkinit_kdc_anchors == NULL)
+ krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
+
+ _kdc_pk_initialize(context, config,
+ config->pkinit_kdc_identity,
+ config->pkinit_kdc_anchors,
+ config->pkinit_kdc_cert_pool,
+ config->pkinit_kdc_revoke);
+
+ }
+
 return config;
 }
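Review bot: In the last hunk (`@@ -334,5 +335,33 @@`), the `#ifdef __APPLE__` block assigns `config->enable_pkinit = 1;` unconditionally, so on Apple builds a deployment that turned PKINIT off in its KDC configuration gets it turned back on, with `KEYCHAIN:` as the default identity and trust-anchor store. If always-on is intended for BTMM, record that in a comment such as `/* BTMM requires PKINIT on Apple builds; the configured enable flag is deliberately overridden */`; otherwise apply the default only where the flag was not set explicitly. The three `strdup()` results are not checked: a failed copy of the identity or anchors is later reported as a missing identity or missing anchors rather than as an allocation failure, and a failed friendly-name copy is silent, so a check like `if (config->pkinit_kdc_friendly_name == NULL) krb5_errx(context, 1, "out of memory");` after each would make the cause explicit. `_kdc_pk_initialize()` is called as a bare statement; if it returns an error code (its declaration is outside this diff), that result should be checked so the KDC does not carry on with PKINIT only partly set up. `configure()` begins outside the hunk.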