[Freeipa-devel] [PATCH] 0073 Add trust verification code

Sumit Bose sbose at redhat.com
Tue Sep 18 10:42:49 UTC 2012


On Mon, Sep 17, 2012 at 06:44:36PM +0300, Alexander Bokovoy wrote:
> Hi,
> 
> The following patch adds a trust verification sequence to the case when we
> establish trust with knowledge of AD administrative credentials.
> 
> As we found out, in order to validate/verify trust, one has to have
> administrative credentials for the trusted domain, since there are
> a few RPCs that should be performed against the trusted domain's DC's LSA
> and NetLogon pipes, and these are protected by administrative credentials.
> 
> Thus, when we know admin credentials for the remote domain, we can
> perform the trust validation.
> 
> https://fedorahosted.org/freeipa/ticket/2763
> 

Just some short feedback. The patch is working as expected: for a newly
created trust, Windows will send a TGS request to the IPA KDC without
explicit validation on the Windows side. Currently I have some issues
in my test setup, so I cannot give a full ACK atm.

bye,
Sumit

> 
> -- 
> / Alexander Bokovoy



