From 80c65755dc02df84c632a9eba82dae8f8daab67f Mon Sep 17 00:00:00 2001
From: Timothy Pearson
Date: Tue, 29 Sep 2015 13:30:59 -0500
Subject: Write missing appdefaults section on client machines
---
 src/libtdeldap.cpp | 15 +++++++++++++++
 src/libtdeldap.h | 1 +
 2 files changed, 16 insertions(+)
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 37cc76b..772596a 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -4825,6 +4825,21 @@ int LDAPManager::writeClientKrb5ConfFile(LDAPClientRealmConfig clientRealmConfig
 stream << "# All changes will be lost!\n";
 stream << "\n";
+ // Appdefaults
+ stream << "[appdefaults]\n";
+ if (realmList.begin() != realmList.end()) {
+ LDAPRealmConfig realmcfg = *realmList.begin();
+ TQString ldap_certfile = LDAP_CERT_FILE;
+ TQString ldap_crlfile = LDAP_CERTREVOC_FILE;
+ ldap_certfile.replace("@@@ADMINSERVER@@@", realmcfg.admin_server);
+ ldap_crlfile.replace("@@@ADMINSERVER@@@", realmcfg.admin_server);
+
+ stream << " pkinit_anchors = FILE:" << ldap_certfile << "\n";
+ stream << " pkinit_revoke = FILE:" << ldap_crlfile << "\n";
+ }
+ stream << " pkinit_require_crl_checking = true\n";
+ stream << "\n";
+
 // Defaults
 stream << "[libdefaults]\n";
 stream << " ticket_lifetime = " << clientRealmConfig.ticketLifetime << "\n";
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index b404ed7..69e7805 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -59,6 +59,7 @@
 #define LDAP_CERT_FILE KERBEROS_PKI_PUBLICDIR "@@@ADMINSERVER@@@.ldap.crt"
 #define LDAP_CERTKEY_FILE KERBEROS_PKI_PRIVATEDIR "@@@ADMINSERVER@@@.ldap.key"
 #define LDAP_CERTREQ_FILE KERBEROS_PKI_PRIVATEDIR "@@@ADMINSERVER@@@.ldap.req"
+#define LDAP_CERTREVOC_FILE KERBEROS_PKI_PUBLICDIR "@@@ADMINSERVER@@@.ldap.crl"
 #define OPENSSL_EXTENSIONS_FILE TDE_CERTIFICATE_DIR "openssl.cfg"
-- 
cgit v1.2.3
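Review bot: `realmcfg.admin_server` is substituted into the `pkinit_anchors` and `pkinit_revoke` paths by the two `replace()` calls and written to krb5.conf unchecked, so a value containing a newline or `/` would add configuration lines or point the trust anchor at a different file; unless that field is guaranteed to be local administrator input, it should be restricted to hostname characters before the substitution. Only `*realmList.begin()` is consulted, so in a multi-realm setup the other realms' certificates never become anchors; a comment such as `// [appdefaults] is global: PKINIT anchors and CRL come from the first realm only` would make that limit explicit. `pkinit_require_crl_checking = true` is emitted even when `realmList` is empty and no anchor or CRL path was written, and nothing visible here ensures the `.ldap.crl` file exists on the client, so it is worth confirming how PKINIT logins behave under strict checking with a missing or stale CRL. The body of `writeClientKrb5ConfFile` starts and ends outside this hunk.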