[Freeipa-devel] [PATCH] #2122 Fix PAC re-signing
Simo Sorce
simo at redhat.com
Tue Nov 29 00:43:57 UTC 2011
On Thu, 2011-11-24 at 13:54 +0100, Sumit Bose wrote:
> I think I found two issues which should be fixed by the following
> patch:
> - krb5_pac_add_buffer() expects krb5_pac and not krb5_pac * as a
> second
> argument
good catch
> - your patch copies all buffers, including the checksums, which you
> wanted to remove from the new pac
also good catch
> With this patch applied I do not see any errors in the krb5kdc.log and
> ssh from AD to IPA server works.
I still haven't solved my ssh issue from an AD client to IPA, but I get
a ticket on the client now, so it must be unrelated stuff.
I have prepared a patch which have a slightly different version of your
fixes.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-ipa-kdb-Support-re-signing-PAC-with-different-checks-2.patch
Type: text/x-patch
Size: 3180 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20111128/2e42d655/attachment.bin>
More information about the Freeipa-devel
mailing list