On Fri, 11 Jun 2010 16:16:32 -0400 Rob Crittenden <[email protected]> wrote:
> Don't try to convert a host's password into a keytab. > > The migration plugin uses a pre-op function to automatically create > kerberos credentials when binding using a password. > > The problem is that we do a simple bind when doing password-base host > enrollment. This was causing krbPasswordExpiration to be set which > isn't what we want for hosts. They really shouldn't go through this > code at all. I'd like to NACK and ask to check for the ipaHost objectClass instead of strncmp()aring the principal with "host/" Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
