[Freeipa-devel] [PATCH] #2122 Fix PAC re-signing
Simo Sorce
simo at redhat.com
Tue Nov 29 14:32:30 UTC 2011
On Tue, 2011-11-29 at 10:13 +0100, Sumit Bose wrote:
> On Mon, Nov 28, 2011 at 07:43:57PM -0500, Simo Sorce wrote:
> > On Thu, 2011-11-24 at 13:54 +0100, Sumit Bose wrote:
> > > I think I found two issues which should be fixed by the following
> > > patch:
> > > - krb5_pac_add_buffer() expects krb5_pac and not krb5_pac * as a
> > > second
> > > argument
> >
> > good catch
> >
> > > - your patch copies all buffers, including the checksums, which you
> > > wanted to remove from the new pac
> >
> > also good catch
> >
> > > With this patch applied I do not see any errors in the krb5kdc.log and
> > > ssh from AD to IPA server works.
> >
> > I still haven't solved my ssh issue from an AD client to IPA, but I get
> > a ticket on the client now, so it must be unrelated stuff.
> >
> > I have prepared a patch which have a slightly different version of your
> > fixes.
>
> The patch looks fine and works for me.
>
> ACK
Thanks,
pushed to master.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list