krb5_common.c revision 5843ad321944a028f6dee7e1fd4f9381c4953d07
75a6279dbae159d018ef812185416cf6df386c10Till Mossakowski Kerberos Provider Common Functions
ae17d457c2d00d47d65e8cd510c3fd21b9516ccbTill Mossakowski Sumit Bose <sbose@redhat.com>
e379124f467e5d0ef7d3c0ca238bff0521f70831Till Mossakowski Copyright (C) 2008-2009 Red Hat
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder This program is free software; you can redistribute it and/or modify
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder it under the terms of the GNU General Public License as published by
679d3f541f7a9ede4079e045f7758873bb901872Till Mossakowski the Free Software Foundation; either version 3 of the License, or
679d3f541f7a9ede4079e045f7758873bb901872Till Mossakowski (at your option) any later version.
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder This program is distributed in the hope that it will be useful,
1bb1684c83317dfd1692ab53415027b67d8f2faeTill Mossakowski but WITHOUT ANY WARRANTY; without even the implied warranty of
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
82d681fe6950e2a35f28fdefb874d060632faccaTill Mossakowski GNU General Public License for more details.
58b671de3fe578346fef9642ffa3c5a0a0edb3cbTill Mossakowski You should have received a copy of the GNU General Public License
e3c9174a782e90f965a0b080c22861c3ef5af12dTill Mossakowski along with this program. If not, see <http://www.gnu.org/licenses/>.
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder { "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder { "krb5_ccachedir", DP_OPT_STRING, { "/tmp" }, NULL_STRING },
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder { "krb5_ccname_template", DP_OPT_STRING, { "FILE:%d/krb5cc_%U_XXXXXX" }, NULL_STRING},
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder { "krb5_auth_timeout", DP_OPT_NUMBER, { .number = 15 }, NULL_NUMBER },
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder { "krb5_keytab", DP_OPT_STRING, { "/etc/krb5.keytab" }, NULL_STRING },
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder { "krb5_validate", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder { "krb5_kpasswd", DP_OPT_STRING, NULL_STRING, NULL_STRING },
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder { "krb5_store_password_if_offline", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder { "krb5_renewable_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING },
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder { "krb5_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING },
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder { "krb5_renew_interval", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER },
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder { "krb5_use_fast", DP_OPT_STRING, NULL_STRING, NULL_STRING }
c529224e0ec191fbaa87261f05c34f89c17b3f3aTill Mossakowskierrno_t check_and_export_lifetime(struct dp_option *opts, const int opt_id,
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder ret = dp_opt_set_string(opts, opt_id, str);
1bb1684c83317dfd1692ab53415027b67d8f2faeTill Mossakowski ret = krb5_string_to_deltat(str, &lifetime);
1bb1684c83317dfd1692ab53415027b67d8f2faeTill Mossakowski DEBUG(1, ("Invalid value [%s] for a lifetime.\n", str));
1bb1684c83317dfd1692ab53415027b67d8f2faeTill Mossakowski DEBUG(2, ("setenv [%s] failed.\n", env_name));
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maedererrno_t check_and_export_options(struct dp_option *opts,
ba904a15082557e939db689fcfba0c68c9a4f740Christian Maeder realm = dp_opt_get_cstring(opts, KRB5_REALM);
ba904a15082557e939db689fcfba0c68c9a4f740Christian Maeder ret = dp_opt_set_string(opts, KRB5_REALM, dom->name);
ba904a15082557e939db689fcfba0c68c9a4f740Christian Maeder DEBUG(2, ("setenv %s failed, authentication might fail.\n",
c0380b947eef252db81ee562246bb732555427f4Till Mossakowski ret = check_and_export_lifetime(opts, KRB5_RENEWABLE_LIFETIME,
1b05bdb88b90d3c947351f262d7ae7d68f0a4a6fTill Mossakowski DEBUG(1, ("Failed to check value of krb5_renewable_lifetime. [%d][%s]\n",
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder ret = check_and_export_lifetime(opts, KRB5_LIFETIME,
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder DEBUG(1, ("Failed to check value of krb5_lifetime. [%d][%s]\n",
7297175957c5ad3c0498032190b1dee9ec5fb873Christian Maeder use_fast_str = dp_opt_get_string(opts, KRB5_USE_FAST);
31c49f2fa23d4ac089f35145d80a224deb6ea7e4Till Mossakowski ret = check_fast(use_fast_str, &krb5_ctx->use_fast);
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder ret = setenv(SSSD_KRB5_USE_FAST, use_fast_str, 1);
58b671de3fe578346fef9642ffa3c5a0a0edb3cbTill Mossakowski DEBUG(2, ("setenv [%s] failed.\n", SSSD_KRB5_USE_FAST));
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder dummy = dp_opt_get_cstring(opts, KRB5_KDC);
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder DEBUG(1, ("No KDC explicitly configured, using defaults.\n"));
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder dummy = dp_opt_get_cstring(opts, KRB5_KPASSWD);
e379124f467e5d0ef7d3c0ca238bff0521f70831Till Mossakowski DEBUG(1, ("No kpasswd server explicitly configured, "
e379124f467e5d0ef7d3c0ca238bff0521f70831Till Mossakowski "using the KDC or defaults.\n"));
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder dummy = dp_opt_get_cstring(opts, KRB5_CCNAME_TMPL);
6a57a555c8ef0a79aa5d20e1d721400dbffa564aMaciek Makowski DEBUG(1, ("Missing credential cache name template.\n"));
bfa9e03532243ceb487f0384d0f6a447f1ce7670Till Mossakowski if (dummy[0] != '/' && strncmp(dummy, "FILE:", 5) != 0) {
6a57a555c8ef0a79aa5d20e1d721400dbffa564aMaciek Makowski DEBUG(1, ("Currently only file based credential caches are supported "
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder "and krb5ccname_template must start with '/' or 'FILE:'\n"));
242691238a8d1a89581751d782af87ec5d7470c0Till Mossakowskierrno_t krb5_try_kdcip(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder const char *conf_path, struct dp_option *opts)
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder krb5_servers = dp_opt_get_string(opts, KRB5_KDC);
e379124f467e5d0ef7d3c0ca238bff0521f70831Till Mossakowski DEBUG(4, ("No KDC found in configuration, trying legacy option\n"));
f534c0116096e25659ceaa57de030c497ce9345aTill Mossakowski ret = confdb_get_string(cdb, memctx, conf_path,
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder ret = dp_opt_set_string(opts, KRB5_KDC, krb5_servers);
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder DEBUG(9, ("Set krb5 server [%s] based on legacy krb5_kdcip option\n"));
c0380b947eef252db81ee562246bb732555427f4Till Mossakowski DEBUG(0, ("Your configuration uses the deprecated option 'krb5_kdcip' "
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder "to specify the KDC. Please change the configuration to use "
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder "the 'krb5_server' option instead."));
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maedererrno_t krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder const char *conf_path, struct dp_option **_opts)
d08907a7832988612fbc0682b216e150d1e738d2Christian Maeder opts = talloc_zero(memctx, struct dp_option);
58b671de3fe578346fef9642ffa3c5a0a0edb3cbTill Mossakowski ret = dp_get_options(opts, cdb, conf_path, default_krb5_opts,
242691238a8d1a89581751d782af87ec5d7470c0Till Mossakowski /* If there is no KDC, try the deprecated krb5_kdcip option, too */
58b671de3fe578346fef9642ffa3c5a0a0edb3cbTill Mossakowski /* FIXME - this can be removed in a future version */
58b671de3fe578346fef9642ffa3c5a0a0edb3cbTill Mossakowski ret = krb5_try_kdcip(memctx, cdb, conf_path, opts);
58b671de3fe578346fef9642ffa3c5a0a0edb3cbTill Mossakowski DEBUG(1, ("sss_krb5_try_kdcip failed.\n"));
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maedererrno_t write_krb5info_file(const char *realm, const char *server,
e379124f467e5d0ef7d3c0ca238bff0521f70831Till Mossakowski if (realm == NULL || *realm == '\0' || server == NULL || *server == '\0' ||
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder DEBUG(1, ("Missing or empty realm, server or service.\n"));
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder if (strcmp(service, SSS_KRB5KDC_FO_SRV) == 0) {
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder } else if (strcmp(service, SSS_KRB5KPASSWD_FO_SRV) == 0) {
c0380b947eef252db81ee562246bb732555427f4Till Mossakowski DEBUG(1, ("Unsupported service [%s]\n.", service));
58b671de3fe578346fef9642ffa3c5a0a0edb3cbTill Mossakowski tmp_name = talloc_asprintf(tmp_ctx, PUBCONF_PATH"/.krb5info_dummy_XXXXXX");
b10d6cef708b7a659f2d3b367e8e0db0d03ae3f5Till Mossakowski krb5info_name = talloc_asprintf(tmp_ctx, name_tmpl, realm);
b10d6cef708b7a659f2d3b367e8e0db0d03ae3f5Till Mossakowski DEBUG(1, ("mkstemp failed [%d][%s].\n", ret, strerror(ret)));
e379124f467e5d0ef7d3c0ca238bff0521f70831Till Mossakowski ret = write(fd, server+written, server_len-written);
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder DEBUG(1, ("write failed [%d][%s].\n", ret, strerror(ret)));
1a7b7802544aa94828d7f4e7be5788501c572934Till Mossakowski DEBUG(1, ("Write error, wrote [%d] bytes, expected [%d]\n",
1a7b7802544aa94828d7f4e7be5788501c572934Till Mossakowski ret = fchmod(fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
1a7b7802544aa94828d7f4e7be5788501c572934Till Mossakowski DEBUG(1, ("fchmod failed [%d][%s].\n", ret, strerror(ret)));
6a57a555c8ef0a79aa5d20e1d721400dbffa564aMaciek Makowski DEBUG(1, ("close failed [%d][%s].\n", ret, strerror(ret)));
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder DEBUG(1, ("rename failed [%d][%s].\n", ret, strerror(ret)));
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maederstatic void krb5_resolve_callback(void *private_data, struct fo_server *server)
c0380b947eef252db81ee562246bb732555427f4Till Mossakowski krb5_service = talloc_get_type(private_data, struct krb5_service);
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder DEBUG(1, ("FATAL: No hostent available for server (%s)\n",
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder address = talloc_zero_size(krb5_service, 128);
e379124f467e5d0ef7d3c0ca238bff0521f70831Till Mossakowski if (inet_ntop(srvaddr->h_addrtype, srvaddr->h_addr_list[0],
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder DEBUG(1, ("inet_ntop failed [%d][%s].\n", ret, strerror(ret)));
6a57a555c8ef0a79aa5d20e1d721400dbffa564aMaciek Makowski address = talloc_asprintf_append(address, ":%d",
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder DEBUG(1, ("talloc_asprintf_append failed.\n"));
c0380b947eef252db81ee562246bb732555427f4Till Mossakowski ret = write_krb5info_file(krb5_service->realm, address,
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder DEBUG(2, ("write_krb5info_file failed, authentication might fail.\n"));
c0380b947eef252db81ee562246bb732555427f4Till Mossakowskiint krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder const char *service_name, const char *servers,
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder const char *realm, struct krb5_service **_service)
c0380b947eef252db81ee562246bb732555427f4Till Mossakowski service = talloc_zero(tmp_ctx, struct krb5_service);
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder ret = be_fo_add_service(ctx, service_name);
c0380b947eef252db81ee562246bb732555427f4Till Mossakowski DEBUG(1, ("Failed to create failover service!\n"));
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder service->name = talloc_strdup(service, service_name);
c0380b947eef252db81ee562246bb732555427f4Till Mossakowski service->realm = talloc_strdup(service, realm);
b10d6cef708b7a659f2d3b367e8e0db0d03ae3f5Till Mossakowski ret = split_on_separator(tmp_ctx, servers, ',', true, &list, NULL);
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder DEBUG(1, ("Failed to parse server list!\n"));
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder for (i = 0; list[i]; i++) {
f534c0116096e25659ceaa57de030c497ce9345aTill Mossakowski server_spec = talloc_strdup(service, list[i]);
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder if (be_fo_is_srv_identifier(server_spec)) {
e379124f467e5d0ef7d3c0ca238bff0521f70831Till Mossakowski ret = be_fo_add_srv_server(ctx, service_name, service_name,
c0380b947eef252db81ee562246bb732555427f4Till Mossakowski DEBUG(1, ("strtol failed on [%s]: [%d][%s].\n", port_str,
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder DEBUG(1, ("Found additional characters [%s] in port number "
58b671de3fe578346fef9642ffa3c5a0a0edb3cbTill Mossakowski DEBUG(1, ("Illegal port number [%d].\n", port));
58b671de3fe578346fef9642ffa3c5a0a0edb3cbTill Mossakowski DEBUG(1, ("getservbyname cannot find service [%s].\n",
b10d6cef708b7a659f2d3b367e8e0db0d03ae3f5Till Mossakowski DEBUG(1, ("Unsupported port specifier in [%s].\n", list[i]));
f534c0116096e25659ceaa57de030c497ce9345aTill Mossakowski ret = be_fo_add_server(ctx, service_name, server_spec, (int) port,
58b671de3fe578346fef9642ffa3c5a0a0edb3cbTill Mossakowski ret = be_fo_service_add_callback(memctx, ctx, service_name,
b10d6cef708b7a659f2d3b367e8e0db0d03ae3f5Till Mossakowski DEBUG(1, ("Failed to add failover callback!\n"));
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maedererrno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm)
3476beb5baf84bef7cc7d627b130de9d48700399Christian Maeder file = talloc_asprintf(mem_ctx, KDCINFO_TMPL, realm);
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder DEBUG(5, ("Could not remove [%s], [%d][%s]\n", file,
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder file = talloc_asprintf(mem_ctx, KPASSWDINFO_TMPL, realm);
e379124f467e5d0ef7d3c0ca238bff0521f70831Till Mossakowski DEBUG(5, ("Could not remove [%s], [%d][%s]\n", file,
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maedervoid remove_krb5_info_files_callback(void *pvt)
c0380b947eef252db81ee562246bb732555427f4Till Mossakowski struct remove_info_files_ctx *ctx = talloc_get_type(pvt,
e379124f467e5d0ef7d3c0ca238bff0521f70831Till Mossakowski ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx,
58b671de3fe578346fef9642ffa3c5a0a0edb3cbTill Mossakowski DEBUG(1, ("be_fo_run_callbacks_at_next_request failed, "
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder "krb5 info files will not be removed, because "
58b671de3fe578346fef9642ffa3c5a0a0edb3cbTill Mossakowski "it is unclear if they will be recreated properly.\n"));
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx,
e379124f467e5d0ef7d3c0ca238bff0521f70831Till Mossakowski DEBUG(1, ("be_fo_run_callbacks_at_next_request failed, "
74e82e43f5787027c5d4e523397525a259d6d001Christian Maeder "krb5 info files will not be removed, because "
3476beb5baf84bef7cc7d627b130de9d48700399Christian Maeder "it is unclear if they will be recreated properly.\n"));
b3dca469a9e267d6d71acfdeca7bf284d0581dc7Till Mossakowski DEBUG(1, ("talloc_new failed, cannot remove krb5 info files.\n"));
b3dca469a9e267d6d71acfdeca7bf284d0581dc7Till Mossakowski ret = remove_krb5_info_files(tmp_ctx, ctx->realm);
21dae7237ac384abdb94a81e00b3f099873ec623Till Mossakowski DEBUG(1, ("remove_krb5_info_files failed.\n"));
b3dca469a9e267d6d71acfdeca7bf284d0581dc7Till Mossakowskivoid krb5_finalize(struct tevent_context *ev,
b3dca469a9e267d6d71acfdeca7bf284d0581dc7Till Mossakowski DEBUG(1, ("remove_krb5_info_files failed.\n"));
1df33829303cbf924aa018ac5ce9a28e69c17d22Till Mossakowskierrno_t krb5_install_offline_callback(struct be_ctx *be_ctx,
b3dca469a9e267d6d71acfdeca7bf284d0581dc7Till Mossakowski if (krb5_ctx->service == NULL || krb5_ctx->service->name == NULL) {
5b1394673f35f4d23cfe08175841ab414a39678eMarkus Roggenbach DEBUG(1, ("Missing KDC service name!\n"));
c0380b947eef252db81ee562246bb732555427f4Till Mossakowski ctx = talloc_zero(krb5_ctx, struct remove_info_files_ctx);
3476beb5baf84bef7cc7d627b130de9d48700399Christian Maeder krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
3476beb5baf84bef7cc7d627b130de9d48700399Christian Maeder DEBUG(1, ("Missing krb5_realm option!\n"));
c0380b947eef252db81ee562246bb732555427f4Till Mossakowski ctx->realm = talloc_strdup(ctx, krb5_realm);
6a57a555c8ef0a79aa5d20e1d721400dbffa564aMaciek Makowski ctx->kdc_service_name = krb5_ctx->service->name;
bfa9e03532243ceb487f0384d0f6a447f1ce7670Till Mossakowski ctx->kpasswd_service_name = krb5_ctx->kpasswd_service->name;
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder ret = be_add_offline_cb(ctx, be_ctx, remove_krb5_info_files_callback, ctx,
3476beb5baf84bef7cc7d627b130de9d48700399Christian Maedererrno_t krb5_install_sigterm_handler(struct tevent_context *ev,
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder DEBUG(1, ("Missing krb5_realm option!\n"));
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder sig_realm = talloc_strdup(krb5_ctx, krb5_realm);
6a57a555c8ef0a79aa5d20e1d721400dbffa564aMaciek Makowski sige = tevent_add_signal(ev, krb5_ctx, SIGTERM, SA_SIGINFO, krb5_finalize,
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maedererrno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
79ee6b8eb396ed31807784a4bb1c9cc2ce094835Till Mossakowski realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
0c2a90cbfb63865ff485c3fbe20a14589a5914beTill Mossakowski /* NOTE: this is a hack, works only in some environments */
79ee6b8eb396ed31807784a4bb1c9cc2ce094835Till Mossakowski upn = talloc_asprintf(mem_ctx, "%s@%s", username, realm);
3476beb5baf84bef7cc7d627b130de9d48700399Christian Maeder DEBUG(9, ("Using simple UPN [%s].\n", upn));