Add krb5_conf_kdc_lookup

2022-04-08 00:33:54 +04:00 · 2022-04-08 00:33:54 +04:00 · 8d6c2940e4
commit 8d6c2940e4
parent d6a4c5949d
1 changed files with 18 additions and 0 deletions
--- a/ddiag.sh
+++ b/ddiag.sh
@ -104,9 +104,27 @@ test_keyring_krb5_conf_ccache()
    test -n "$ccache" -a "$ccache" == "keyring"
 }

+check_krb5_conf_kdc_lookup()
+{
+    local retval=0
+    echo -n "/etc/krb5.conf: dns_lookup_kdc "
+    if grep -q '^\s*dns_lookup_kdc\s*=\s*\([Tt][Rr][Uu][Ee]\|1\|[Yy][Ee][Ss]\)\s*$' /etc/krb5.conf; then
+        echo "is enabled"
+    else
+        if grep -q '^\s*dns_lookup_kdc\s*=' /etc/krb5.conf; then
+            echo "is disabled"
+            retval=1
+        else
+            echo "is enabled by default"
+        fi
+    fi
+    return $retval
+}
+
 run check_hostnamectl "Check hostnamectl"
 run test_hostname "Test hostname is FQDN"
 run check_system_auth "System authentication"
 run test_domain_system_auth "Domain system authentication"
 run check_krb5_conf_ccache "Kerberos credential cache"
 run test_keyring_krb5_conf_ccache "Keyring as kerberos credential cache"
+run check_krb5_conf_kdc_lookup "Check DNS lookup kerberos KDC"