[Freeipa-devel] [PATCH 558] Allow disabling requireing preauth by default for Service Principal Names
Simo Sorce
simo at redhat.com
Mon Nov 30 18:42:02 UTC 2015
On Wed, 2015-11-25 at 10:33 +0100, Martin Babinsky wrote:
> On 11/24/2015 10:20 PM, Simo Sorce wrote:
> > This addresses #3860, giving admins the option to not require preauth
> > for Hosts and services.
> >
> > I did not add this option by default, although it does reduce the load
> > on the KDC as well as speed up TGT acquisition for service principal
> > accounts that acquire TGTs.
> >
> > Tested and working as expected (SPNs are not returned PREAUTH_NEEDED
> > error while normal users are).
> >
> > HTH,
> > Simo.
> >
> >
> >
> Hi Simo,
>
> I was not able to apply the patch on current master branch:
>
> """
> git am
> ../review/ssorce/3860/freeipa-simo-558-1-Allow-admins-to-disable-preauth-for-SPNs.patch
> -3
>
> Applying: Allow admins to disable preauth for SPNs.
> error: invalid object 100644 a6b4d4349a9ac6de453d9ad3c679ec32add4e43b
> for 'ipalib/plugins/config.py'
> fatal: git-write-tree: error building trees
> Repository lacks necessary blobs to fall back on 3-way merge.
> Cannot fall back to three-way merge.
> Patch failed at 0001 Allow admins to disable preauth for SPNs.
> """
>
> It seems that I nedd to apply some of your other patches first (which one?)
Sorry did not see this question earlier, it requires 556 and 557, I just
bumped that thread.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list