[Freeipa-devel] Fix password changes via kadmin
Martin Babinsky
mbabinsk at redhat.com
Mon May 25 08:48:58 UTC 2015
On 04/06/2015 12:53 AM, Simo Sorce wrote:
> Fix for bug 4914.
>
> I've tested it locally and seem to do exactly what is needed. I couldn't
> detect any side effects, except that if you use kadmin to get a
> randomized password for a service then you'll get a key for all
> supported types (currently aes256, aes128, des3, rc4, camellia128,
> camellia256) instead of just the default ones (aes256, aes128, des3,
> rc4) if you do not specify enctypes. I think that is fine, we use
> ipa-getkeytab anyway in the normal course of business and that one uses
> a different code path.
>
> Simo.
>
>
>
Hi Simo,
the patch works as expected.
My only gripe is with the duplicate code in 'daemons/ipa-kdb/ipa_kdb.c'
between lines 389 and 455. It could be made into a single function to
get key encoding/salt types from LDAP (see my feeble and untested
attempt which I attached).
--
Martin^3 Babinsky
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-common-function-to-get-salt-types.patch
Type: text/x-patch
Size: 5838 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150525/4a945800/attachment.bin>
More information about the Freeipa-devel
mailing list