Write out remaining appdefaults entries on client

10 years ago · 7ebf958b10
parent 53a442c926
commit 7ebf958b10
1 changed files with 6 additions and 3 deletions
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@ -4904,10 +4904,13 @@ int LDAPManager::writeClientKrb5ConfFile(LDAPClientRealmConfig clientRealmConfig
 			ldap_certfile.replace("@@@ADMINSERVER@@@", realmcfg.admin_server);
 			ldap_crlfile.replace("@@@ADMINSERVER@@@", realmcfg.admin_server);

-			stream << "	pkinit_anchors = FILE:" << ldap_certfile << "\n";
-			stream << "	pkinit_revoke = FILE:" << ldap_crlfile << "\n";
+			stream << "    pkinit_anchors = FILE:" << ldap_certfile << "\n";
+			stream << "    pkinit_revoke = FILE:" << ldap_crlfile << "\n";
 		}
-		stream << "	pkinit_require_crl_checking = true\n";
+		stream << "    pkinit_require_crl_checking = true\n";
+		stream << "    pam = {\n";
+		stream << "        pkinit_user = PKCS11:" << TDECryptographicCardDevice::pkcsProviderLibrary() << "\n";
+		stream << "    }\n";
 		stream << "\n";

 		// Defaults