[Freeipa-devel] [PATCH] Retrieve keytabs via LDAP

Simo Sorce ssorce at redhat.com
Fri Dec 21 17:56:22 UTC 2007


On Fri, 2007-12-21 at 11:33 -0500, Karl MacMillan wrote:
> On Fri, 2007-12-21 at 11:04 -0500, Simo Sorce wrote:
> > While I am working on the merge with the changes in the upstream tree,
> > here is the patch so that you can comment on it (Karl pushed hard
> > for me to send it to the list as is, so here it is :-).
> > 
> 
> Looks OK, but I can do very little useful review of this. Only comments:
> 
> 1) The old ipa-getkeytab added the realm - so you would request
> host/baz.foo.bar instead of host/baz.foo.bar@FOO.BAR. I'm ok changing
> this, but thought I would mention it was a change.

I know, and if you look carefully I also require you to put in the
server name to get the keytab right now.
These 2 are "bugs" I'll fix later on.
The principal name thing is easy; I will push a patch in a few hours, but
implementing the whole discovery thing again in C was a lot of work that
was not really core to the functionality. So I decided to do it once the
core was in. It is a bit annoying right now but not a tragedy to be
required to put in the KDC server name.

> 2) This is going to break the web portion that Rob did. Should we just
> let it break, disable it, or try to fix it? Fixing it should be
> possible, but not by release time.

Done as agreed via IRC.

Simo.

-- 
| Simo S Sorce |
| Sr.Soft.Eng. |
| Red Hat, Inc |
| New York, NY |



