[Freeipa-devel] [PATCH] restrict setkeytab operation
Alexander Bokovoy
abokovoy at redhat.com
Mon Jul 25 15:06:50 UTC 2016
On Mon, 25 Jul 2016, Simo Sorce wrote:
>On Mon, 2016-07-25 at 10:55 -0400, Rob Crittenden wrote:
>> Simo Sorce wrote:
>> > As described in #232 start restricting the use of the setkeytab
>> > operation to just the computers objects.
>> >
>> > I haven't tested this with older RHEL/CentOS machines that actully use
>> > the setkeytab operation as I do not have such an old VM handy right now.
>> >
>> > Meanwhile I'd like to know if ppl agree with this approach.
>>
>> What about services?
>
>Do we automatically acquire keytab for services in the old clients ?
>
>Are you thinking about scripted ipa-getkytab callouts ?
There are people still using ipa 3.0 clients and scripting around it,
both with RHEL 6.x and CentOS 6.x. I wouldn't break those on purpose.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list