[Freeipa-devel] [PATCH] 468 don't run through pre-bind code on enrollment
Simo Sorce
ssorce at redhat.com
Fri Jun 11 20:37:12 UTC 2010
On Fri, 11 Jun 2010 16:16:32 -0400
Rob Crittenden <rcritten at redhat.com> wrote:
> Don't try to convert a host's password into a keytab.
>
> The migration plugin uses a pre-op function to automatically create
> Kerberos credentials when binding using a password.
>
> The problem is that we do a simple bind when doing password-based host
> enrollment. This was causing krbPasswordExpiration to be set which
> isn't what we want for hosts. They really shouldn't go through this
> code at all.
I'd like to NACK and ask to check for the ipaHost objectClass instead
of strncmp()aring the principal with "host/"
Simo.
--
Simo Sorce * Red Hat, Inc * New York