[Freeipa-devel] [PATCH 562-563] Fix ipa-sam to use the getkeytab control instead of the setkeytab control
Martin Basti
mbasti at redhat.com
Thu Jan 14 08:54:47 UTC 2016
On 14.01.2016 08:24, Alexander Bokovoy wrote:
> On Thu, 03 Dec 2015, Simo Sorce wrote:
>> The first patch is preparatory and is needed in general now that we want
>> top allow alias and use krbCanonicalName as the canonical name when
>> multiple values are avilable in krbPrincipalName.
>>
>> The second patch changes slightly how the interdomain trust account is
>> created so that the getkeytab control can generate the proper key (with
>> the right salt) for interop reasons with AD. The change should be
>> upgrade safe because keys are generate at account creation so older
>> accounts lacking the alias won't be a problem.
>>
>> Fixes ##5495
> This patchset seems to fall through cracks -- it was ACKed but not
> committed.
IIRC all simo's ACKed patches which haven't been pushed depend on simo's
patch 560, which has no ACK
If not then, patches need rebase, they have missing blobs
More information about the Freeipa-devel
mailing list