[Freeipa-devel] [PATCH] 116 Add PAC to master host TGTs

Alexander Bokovoy abokovoy at redhat.com
Thu Jul 11 11:03:15 UTC 2013


On Wed, 10 Jul 2013, Simo Sorce wrote:
>On Wed, 2013-07-10 at 19:55 +0300, Alexander Bokovoy wrote:
>> >>> The patch looks good to me so I'm giving my +1. I would appreciate other
>> >>> review too before a full ack, though.
>> >>
>> >> I've nacked the approach, although the results are as expected.
>> >> Alexander will send a simplified patch that avoids the extra search and
>> >> use of managedby which is not ok.
>> > New patch attached.
>> After discussion with Simo on IRC, I decided to use krb5_parse_name() to
>> properly parse the krbPrincipalName attribute for the service and veto it
>> against a pre-defined set of services we support generating MS-PAC for on
>> the IPA master.
>>
>> The list currently includes only cifs/ipa.master@REALM and
>> HTTP/ipa.master@REALM as host/ipa.master@REALM is handled by the is_host
>> case.
>>
>>
>LGTM.
Committed to master.

-- 
/ Alexander Bokovoy
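
The check described in the quoted mail, sketched as an added example that is not the FreeIPA patch or code from this thread: split the principal into components before comparing, then allow a PAC only for listed services on the master. The patch itself uses krb5_parse_name(); the hand-written `next_comp()` below is a simplified stand-in for it, and `pac_allowed_for_service()`, `pac_services`, and the exact-match comparison of host and realm are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Services allowed to get an MS-PAC on the master (the two named in the mail). */
static const char *const pac_services[] = { "cifs", "HTTP" };

/* Copy one component up to an unescaped delimiter. Simplification: a backslash
 * makes the next character literal. Returns the stop position, or NULL on error. */
static const char *next_comp(const char *p, const char *delims, char *out, size_t outsz)
{
    size_t n = 0;
    while (*p && !strchr(delims, *p)) {
        if (*p == '\\' && *++p == '\0')
            return NULL;                    /* dangling escape */
        if (n + 1 >= outsz)
            return NULL;                    /* component too long */
        out[n++] = *p++;
    }
    out[n] = '\0';
    return p;
}

/* True only for a two-component principal service/master_fqdn@realm whose service is listed. */
bool pac_allowed_for_service(const char *princ, const char *master_fqdn, const char *realm)
{
    char svc[64], host[256], rlm[256];
    const char *p = next_comp(princ, "/@", svc, sizeof(svc));
    if (!p || *p != '/') return false;      /* no host component */
    p = next_comp(p + 1, "/@", host, sizeof(host));
    if (!p || *p != '@') return false;      /* extra component or missing realm */
    p = next_comp(p + 1, "@", rlm, sizeof(rlm));
    if (!p || *p != '\0') return false;     /* trailing data after the realm */
    if (strcmp(host, master_fqdn) != 0 || strcmp(rlm, realm) != 0)
        return false;
    for (size_t i = 0; i < sizeof(pac_services) / sizeof(pac_services[0]); i++)
        if (strcmp(svc, pac_services[i]) == 0)
            return true;
    return false;
}

int main(void)
{
    /* Constructed sample principals; the last one has an escaped '/'. */
    const char *t[] = { "cifs/ipa.master@REALM", "ldap/ipa.master@REALM", "cifs\\/ipa.master@REALM" };
    for (size_t i = 0; i < 3; i++)
        printf("%-26s %s\n", t[i], pac_allowed_for_service(t[i], "ipa.master", "REALM") ? "PAC" : "no PAC");
    return 0;
}
```

The third sample is a single-component principal whose name contains an escaped slash, so it is rejected even though its text ends in `/ipa.master@REALM`.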
