[Freeipa-devel] [PATCH] 0051 Allow CustodiaClient to be used by arbitrary principals

Simo Sorce ssorce at redhat.com
Tue Apr 12 13:31:30 UTC 2016


On Sat, 2016-04-09 at 10:11 +1000, Fraser Tweedale wrote:
> On Fri, Apr 08, 2016 at 10:47:19AM -0400, Simo Sorce wrote:
> > On Sat, 2016-04-09 at 00:23 +1000, Fraser Tweedale wrote:
> > > -        name = gssapi.Name('host@%s' % (self.client,),
> > > 
> > > -                           gssapi.NameType.hostbased_service)
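Review bot: the removed `gssapi.Name('host@%s' % (self.client,), gssapi.NameType.hostbased_service)` is the only thing in these lines that pins which name credentials are acquired for, and no replacement is visible here. Rather than dropping the name altogether, keep the explicit name construction and make the service part a caller-supplied value that defaults to `host`, so other principals can use the client without leaving the choice of credential to the keytab contents.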
> > 
> > If you remove this then on a server that has nfs keys in the keytab you
> > may end up acquiring the wrong credentials.
> > You need to pass down what credentials you want to use to initialize the
> > cred store, we cannot rely on ordering in the system keytab case.
> > 
> > Simo.
> > 
> Thanks Simo; updated patch attached.

Except the ACI the rest looks good to me.
For ACI please add a separate patch that follows the naming scheme for
subCA keys.

Simo.



