[Freeipa-devel] [PATCH 558] Allow disabling requireing preauth by default for Service Principal Names
Martin Basti
mbasti at redhat.com
Tue Mar 8 17:49:30 UTC 2016
On 08.03.2016 18:02, Martin Babinsky wrote:
> On 03/08/2016 05:50 PM, Simo Sorce wrote:
>> On Tue, 2016-03-08 at 17:20 +0100, Martin Babinsky wrote:
>>> On 03/08/2016 05:00 PM, Simo Sorce wrote:
>>>> On Tue, 2016-03-08 at 16:51 +0100, Martin Babinsky wrote:
>>>>> On 03/08/2016 04:49 PM, Simo Sorce wrote:
>>>>>> On Fri, 2015-12-04 at 14:23 +0100, Martin Babinsky wrote:
>>>>>>> On 12/01/2015 10:08 PM, Simo Sorce wrote:
>>>>>>>> On Tue, 2015-12-01 at 15:59 +0100, Martin Babinsky wrote:
>>>>>>>>> On 11/30/2015 07:42 PM, Simo Sorce wrote:
>>>>>>>>>> On Wed, 2015-11-25 at 10:33 +0100, Martin Babinsky wrote:
>>>>>>>>>>> On 11/24/2015 10:20 PM, Simo Sorce wrote:
>>>>>>>>>>>> This addresses #3860, giving admins the option to not
>>>>>>>>>>>> require preauth
>>>>>>>>>>>> for Hosts and services.
>>>>>>>>>>>>
>>>>>>>>>>>> I did not add this option by default, although it does
>>>>>>>>>>>> reduce the load
>>>>>>>>>>>> on the KDC as well as speed up TGT acquisition for service
>>>>>>>>>>>> principal
>>>>>>>>>>>> accounts that acquire TGTs.
>>>>>>>>>>>>
>>>>>>>>>>>> Tested and working as expected (SPNs are not returned
>>>>>>>>>>>> PREAUTH_NEEDED
>>>>>>>>>>>> error while normal users are).
>>>>>>>>>>>>
>>>>>>>>>>>> HTH,
>>>>>>>>>>>> Simo.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>> Hi Simo,
>>>>>>>>>>>
>>>>>>>>>>> I was not able to apply the patch on current master branch:
>>>>>>>>>>>
>>>>>>>>>>> """
>>>>>>>>>>> git am
>>>>>>>>>>> ../review/ssorce/3860/freeipa-simo-558-1-Allow-admins-to-disable-preauth-for-SPNs.patch
>>>>>>>>>>>
>>>>>>>>>>> -3
>>>>>>>>>>>
>>>>>>>>>>> Applying: Allow admins to disable preauth for SPNs.
>>>>>>>>>>> error: invalid object 100644
>>>>>>>>>>> a6b4d4349a9ac6de453d9ad3c679ec32add4e43b
>>>>>>>>>>> for 'ipalib/plugins/config.py'
>>>>>>>>>>> fatal: git-write-tree: error building trees
>>>>>>>>>>> Repository lacks necessary blobs to fall back on 3-way merge.
>>>>>>>>>>> Cannot fall back to three-way merge.
>>>>>>>>>>> Patch failed at 0001 Allow admins to disable preauth for SPNs.
>>>>>>>>>>> """
>>>>>>>>>>>
>>>>>>>>>>> It seems that I nedd to apply some of your other patches
>>>>>>>>>>> first (which one?)
>>>>>>>>>>
>>>>>>>>>> Sorry did not see this question earlier, it requires 556 and
>>>>>>>>>> 557, I just
>>>>>>>>>> bumped that thread.
>>>>>>>>>>
>>>>>>>>>> Simo.
>>>>>>>>>>
>>>>>>>>> It seems that I need something else, patch 556-2 applies
>>>>>>>>> cleanly, but
>>>>>>>>> patch 557-3 fails with http://fpaste.org/296230/89819431/ on
>>>>>>>>> both master
>>>>>>>>> and 4-2 branch.
>>>>>>>>>
>>>>>>>>
>>>>>>>> Rebased 556,557 in their thread, and here is the rebase for 558
>>>>>>>> on top
>>>>>>>> of them.
>>>>>>>>
>>>>>>>> Simo.
>>>>>>>>
>>>>>>>
>>>>>>> ACK. I'm afraid that this patch and 556, 557 will require
>>>>>>> another round
>>>>>>> of rebase before pushing, though.
>>>>>>
>>>>>> Rebased on top of master (not on 556/557) per Petr's request.
>>>>>>
>>>>>> Simo.
>>>>>>
>>>>>>
>>>>>
>>>>> NACK, if you do API changes please increment API version in VERSION.
>>>>
>>>> Why wasn't this a problem in the previous ACK ?
>>>>
>>>> Simo.
>>>>
>>>
>>> Probably because I missed it, sorry.
>>>
>>
>> Fixed.
>>
>> Simo.
>>
>
> Thanks, ACK.
>
Pushed to:
master: 3e45c9be0aefb03751665a951f426ac59c50a551
ipa-4-3: 9137ff497be16e1afb4bdac9f58097318ce38953
More information about the Freeipa-devel
mailing list