[Freeipa-devel] [PATCH] restrict setkeytab operation
Simo Sorce
simo at redhat.com
Mon Jul 25 15:01:30 UTC 2016
On Mon, 2016-07-25 at 10:55 -0400, Rob Crittenden wrote:
> Simo Sorce wrote:
> > As described in #232 start restricting the use of the setkeytab
> > operation to just the computers objects.
> >
> > I haven't tested this with older RHEL/CentOS machines that actully use
> > the setkeytab operation as I do not have such an old VM handy right now.
> >
> > Meanwhile I'd like to know if ppl agree with this approach.
>
> What about services?
Do we automatically acquire keytab for services in the old clients ?
Are you thinking about scripted ipa-getkytab callouts ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list