[Freeipa-devel] [PATCH 562-563] Fix ipa-sam to use the getkeytab control instead of the setkeytab control
Martin Basti
mbasti at redhat.com
Mon Feb 1 12:30:24 UTC 2016
On 14.01.2016 10:01, Alexander Bokovoy wrote:
> On Thu, 14 Jan 2016, Martin Basti wrote:
>>
>>
>> On 14.01.2016 08:24, Alexander Bokovoy wrote:
>>> On Thu, 03 Dec 2015, Simo Sorce wrote:
>>>> The first patch is preparatory and is needed in general now that we
>>>> want
>>>> top allow alias and use krbCanonicalName as the canonical name when
>>>> multiple values are avilable in krbPrincipalName.
>>>>
>>>> The second patch changes slightly how the interdomain trust account is
>>>> created so that the getkeytab control can generate the proper key
>>>> (with
>>>> the right salt) for interop reasons with AD. The change should be
>>>> upgrade safe because keys are generate at account creation so older
>>>> accounts lacking the alias won't be a problem.
>>>>
>>>> Fixes ##5495
>>> This patchset seems to fall through cracks -- it was ACKed but not
>>> committed.
>> IIRC all simo's ACKed patches which haven't been pushed depend on
>> simo's patch 560, which has no ACK
>>
>> If not then, patches need rebase, they have missing blobs
> no, 560 is unrelated.
>
Pushed to:
master: f9ed0b6ff8bf7e59de5450200d9fc5ad6e05299c
ipa-4-3: 7e09456d8b80eabb87bb2cf595904b5cc740af8e
More information about the Freeipa-devel
mailing list