[Freeipa-devel] [PATCH] kdb: check for local realm in enterprise principals
Petr Vobornik
pvoborni at redhat.com
Thu Jul 7 11:31:03 UTC 2016
On 07/06/2016 07:01 PM, Sumit Bose wrote:
> Hi,
>
> although enterprise principals for trusted domains now are working as
> expected they do not work for the local domain:
>
> # kinit -E admin at IPA.DEVEL
> kinit: Client 'admin\@IPA.DEVEL at IPA.DEVEL' not found in Kerberos database while getting initial credentials
>
> Attached patch handles this case. It is not that nice because of the
> duplication of ipadb_fetch_principals() and ipadb_find_principal(). But
> I think there was a reason I do not remember why we didn't check for
> enterprise principals before checking the local database. If there is no
> such reason it might make sense to check for enterprise principals
> before doing the lookup. Please let me know if I should change the patch
> accordingly or if the current version is ok,
>
> bye,
> Sumit
>
Hi Sumit,
thanks for the patch. This patch should have a ticket. It will help
downstream planning.
--
Petr Vobornik
More information about the Freeipa-devel
mailing list