[Freeipa-devel] [PATCH] 502 hosts can fetch keytabs

Rob Crittenden rcritten at redhat.com
Mon Aug 16 21:14:12 UTC 2010


Pavel Zůna wrote:
> On 2010-08-06 04:50, Rob Crittenden wrote:
>> Enable a host to retrieve a keytab for all its services.
>>
>> Using the host service principal one should be able to retrieve a keytab
>> for other services for the host using ipa-getkeytab. This required a
>> number of changes:
>>
>> - allow hosts in the service's managedby to write krbPrincipalKey
>> - automatically add the host to managedby when a service is created
>> - fix ipa-getkeytab to return the entire principal and not just the
>> first data element. It was returning "host" from the service tgt
>> and not host/ipa.example.com
>> - fix the display of the managedby attribute in the service plugin
>>
>> This led to a number of changes in the service unit tests. I took the
>> opportunity to switch to the Declarative scheme and tripled the number
>> of tests we were doing. This shed some light on a few bugs in the plugin:
>>
>> - if a service had a bad usercertificate it was impossible to delete the
>> service. I made it a bit more flexible.
>> - I added a summary for the mod and find commands
>> - has_keytab wasn't being set in the find output
>>
>> This is for ticket 68
>>
>> rob
>>
> ack.
>
> Pavel

pushed to master



