[Freeipa-devel] [PATCH] kdb: check for local realm in enterprise principals
Petr Vobornik
pvoborni at redhat.com
Tue Jul 12 10:27:01 UTC 2016
On 07/11/2016 05:15 PM, Martin Babinsky wrote:
> On 07/06/2016 07:01 PM, Sumit Bose wrote:
>> Hi,
>>
>> although enterprise principals for trusted domains now are working as
>> expected they do not work for the local domain:
>>
>> # kinit -E admin at IPA.DEVEL
>> kinit: Client 'admin\@IPA.DEVEL at IPA.DEVEL' not found in Kerberos
>> database while getting initial credentials
>>
>> Attached patch handles this case. It is not that nice because of the
>> duplication of ipadb_fetch_principals() and ipadb_find_principal(). But
>> I think there was a reason I do not remember why we didn't check for
>> enterprise principals before checking the local database. If there is no
>> such reason it might make sense to check for enterprise principals
>> before doing the lookup. Please let me know if I should change the patch
>> accordingly or if the current version is ok,
>>
>> bye,
>> Sumit
>>
>>
>>
> Code looks ok to me and the patch fixes the issue, so ACK.
>
master:
* 6d6da6b281173737bd31ba4845af11a097846c05 kdb: check for local realm in
enterprise principals
--
Petr Vobornik
More information about the Freeipa-devel
mailing list