[Freeipa-devel] [PATCH 562-563] Fix ipa-sam to use the getkeytab control instead of the setkeytab control
Alexander Bokovoy
abokovoy at redhat.com
Thu Jan 14 09:01:27 UTC 2016
On Thu, 14 Jan 2016, Martin Basti wrote:
>
>
>On 14.01.2016 08:24, Alexander Bokovoy wrote:
>>On Thu, 03 Dec 2015, Simo Sorce wrote:
>>>The first patch is preparatory and is needed in general now that we want
>>>top allow alias and use krbCanonicalName as the canonical name when
>>>multiple values are avilable in krbPrincipalName.
>>>
>>>The second patch changes slightly how the interdomain trust account is
>>>created so that the getkeytab control can generate the proper key (with
>>>the right salt) for interop reasons with AD. The change should be
>>>upgrade safe because keys are generate at account creation so older
>>>accounts lacking the alias won't be a problem.
>>>
>>>Fixes ##5495
>>This patchset seems to fall through cracks -- it was ACKed but not
>>committed.
>IIRC all simo's ACKed patches which haven't been pushed depend on
>simo's patch 560, which has no ACK
>
>If not then, patches need rebase, they have missing blobs
no, 560 is unrelated.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list