[Freeipa-devel] [freeipa PR#40] do not use trusted forest name to construct domain admin principal (comment)
abbra
freeipa-github-notification at redhat.com
Wed Aug 31 12:45:58 UTC 2016
abbra commented on a pull request
"""
NACK. This is wrong.
In the case of external trust to a child domain we cannot run netr_DsRGetForestTrustInformation() against the child domain, regardless what credentials we have. Instead, we should run this request against the forest root domain using the credentials specified by the user.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/40#issuecomment-243752391
More information about the Freeipa-devel
mailing list