[Freeipa-devel] [PATCH] #2122 Fix PAC re-signing
Sumit Bose
sbose at redhat.com
Tue Nov 29 09:13:11 UTC 2011
On Mon, Nov 28, 2011 at 07:43:57PM -0500, Simo Sorce wrote:
> On Thu, 2011-11-24 at 13:54 +0100, Sumit Bose wrote:
> > I think I found two issues which should be fixed by the following
> > patch:
> > - krb5_pac_add_buffer() expects krb5_pac and not krb5_pac * as a
> > second
> > argument
>
> good catch
>
> > - your patch copies all buffers, including the checksums, which you
> > wanted to remove from the new pac
>
> also good catch
>
> > With this patch applied I do not see any errors in the krb5kdc.log and
> > ssh from AD to IPA server works.
>
> I still haven't solved my ssh issue from an AD client to IPA, but I get
> a ticket on the client now, so it must be unrelated stuff.
>
> I have prepared a patch which have a slightly different version of your
> fixes.
The patch looks fine and works for me.
ACK
bye,
Sumit
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list