[Freeipa-devel] [PATCH 558] Allow disabling requireing preauth by default for Service Principal Names
Martin Babinsky
mbabinsk at redhat.com
Fri Dec 4 13:23:20 UTC 2015
On 12/01/2015 10:08 PM, Simo Sorce wrote:
> On Tue, 2015-12-01 at 15:59 +0100, Martin Babinsky wrote:
>> On 11/30/2015 07:42 PM, Simo Sorce wrote:
>>> On Wed, 2015-11-25 at 10:33 +0100, Martin Babinsky wrote:
>>>> On 11/24/2015 10:20 PM, Simo Sorce wrote:
>>>>> This addresses #3860, giving admins the option to not require preauth
>>>>> for Hosts and services.
>>>>>
>>>>> I did not add this option by default, although it does reduce the load
>>>>> on the KDC as well as speed up TGT acquisition for service principal
>>>>> accounts that acquire TGTs.
>>>>>
>>>>> Tested and working as expected (SPNs are not returned PREAUTH_NEEDED
>>>>> error while normal users are).
>>>>>
>>>>> HTH,
>>>>> Simo.
>>>>>
>>>>>
>>>>>
>>>> Hi Simo,
>>>>
>>>> I was not able to apply the patch on current master branch:
>>>>
>>>> """
>>>> git am
>>>> ../review/ssorce/3860/freeipa-simo-558-1-Allow-admins-to-disable-preauth-for-SPNs.patch
>>>> -3
>>>>
>>>> Applying: Allow admins to disable preauth for SPNs.
>>>> error: invalid object 100644 a6b4d4349a9ac6de453d9ad3c679ec32add4e43b
>>>> for 'ipalib/plugins/config.py'
>>>> fatal: git-write-tree: error building trees
>>>> Repository lacks necessary blobs to fall back on 3-way merge.
>>>> Cannot fall back to three-way merge.
>>>> Patch failed at 0001 Allow admins to disable preauth for SPNs.
>>>> """
>>>>
>>>> It seems that I nedd to apply some of your other patches first (which one?)
>>>
>>> Sorry did not see this question earlier, it requires 556 and 557, I just
>>> bumped that thread.
>>>
>>> Simo.
>>>
>> It seems that I need something else, patch 556-2 applies cleanly, but
>> patch 557-3 fails with http://fpaste.org/296230/89819431/ on both master
>> and 4-2 branch.
>>
>
> Rebased 556,557 in their thread, and here is the rebase for 558 on top
> of them.
>
> Simo.
>
ACK. I'm afraid that this patch and 556, 557 will require another round
of rebase before pushing, though.
--
Martin^3 Babinsky
More information about the Freeipa-devel
mailing list