[Freeipa-devel] [PATCH 562-563] Fix ipa-sam to use the getkeytab control instead of the setkeytab control

[Alexander Bokovoy]

On Thu, 03 Dec 2015, Simo Sorce wrote:
>The first patch is preparatory and is needed in general now that we want
>top allow alias and use krbCanonicalName as the canonical name when
>multiple values are avilable in krbPrincipalName.
>
>The second patch changes slightly how the interdomain trust account is
>created so that the getkeytab control can generate the proper key (with
>the right salt) for interop reasons with AD. The change should be
>upgrade safe because keys are generate at account creation so older
>accounts lacking the alias won't be a problem.
>
>Fixes ##5495
This patchset seems to fall through cracks -- it was ACKed but not
committed.
-- 
/ Alexander Bokovoy