[Freeipa-devel] Fix password changes via kadmin
Alexander Bokovoy
abokovoy at redhat.com
Wed May 27 13:55:16 UTC 2015
On Wed, 27 May 2015, Simo Sorce wrote:
>On Wed, 2015-05-27 at 15:25 +0200, Martin Babinsky wrote:
>> On 05/25/2015 10:48 AM, Martin Babinsky wrote:
>> > On 04/06/2015 12:53 AM, Simo Sorce wrote:
>> >> Fix for bug 4914.
>> >>
>> >> I've tested it locally and seem to do exactly what is needed. I couldn't
>> >> detect any side effects, except that if you use kadmin to get a
>> >> randomized password for a service then you'll get a key for all
>> >> supported types (currently aes256, aes128, des3, rc4, camellia128,
>> >> camellia256) instead of just the default ones (aes256, aes128, des3,
>> >> rc4) if you do not specify enctypes. I think that is fine, we use
>> >> ipa-getkeytab anyway in the normal course of business and that one uses
>> >> a different code path.
>> >>
>> >> Simo.
>> >>
>> >>
>> >>
>> >
>> > Hi Simo,
>> >
>> > the patch works as expected.
>> >
>> > My only gripe is with the duplicate code in 'daemons/ipa-kdb/ipa_kdb.c'
>> > between lines 389 and 455. It could be made into a single function to
>> > get key encoding/salt types from LDAP (see my feeble and untested
>> > attempt which I attached).
>> >
>> >
>> >
>> ACK.
>>
>> I will then send the patch fixing duplicate code separately once I
>> consult it with somebody more skilled in C than myself.
>>
>
>Thanks, added your reviewed-by and pushed to master.
>
>Martin, should we push this to other branches too ?
I think we also need this in 4.1 so that it can go to Fedora, Debian,
and RHEL releases.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list