[Freeipa-devel] Fix password changes via kadmin
Simo Sorce
simo at redhat.com
Wed May 27 13:47:10 UTC 2015
On Wed, 2015-05-27 at 15:25 +0200, Martin Babinsky wrote:
> On 05/25/2015 10:48 AM, Martin Babinsky wrote:
> > On 04/06/2015 12:53 AM, Simo Sorce wrote:
> >> Fix for bug 4914.
> >>
> >> I've tested it locally and seem to do exactly what is needed. I couldn't
> >> detect any side effects, except that if you use kadmin to get a
> >> randomized password for a service then you'll get a key for all
> >> supported types (currently aes256, aes128, des3, rc4, camellia128,
> >> camellia256) instead of just the default ones (aes256, aes128, des3,
> >> rc4) if you do not specify enctypes. I think that is fine, we use
> >> ipa-getkeytab anyway in the normal course of business and that one uses
> >> a different code path.
> >>
> >> Simo.
> >>
> >>
> >>
> >
> > Hi Simo,
> >
> > the patch works as expected.
> >
> > My only gripe is with the duplicate code in 'daemons/ipa-kdb/ipa_kdb.c'
> > between lines 389 and 455. It could be made into a single function to
> > get key encoding/salt types from LDAP (see my feeble and untested
> > attempt which I attached).
> >
> >
> >
> ACK.
>
> I will then send the patch fixing duplicate code separately once I
> consult it with somebody more skilled in C than myself.
>
Thanks, added your reviewed-by and pushed to master.
Martin, should we push this to other branches too ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list