Simo Sorce wrote:
On Fri, 11 Jun 2010 16:16:32 -0400 Rob Crittenden <[email protected]> wrote:Don't try to convert a host's password into a keytab.The migration plugin uses a pre-op function to automatically create kerberos credentials when binding using a password.The problem is that we do a simple bind when doing password-base host enrollment. This was causing krbPasswordExpiration to be set whichisn't what we want for hosts. They really shouldn't go through this code at all.I'd like to NACK and ask to check for the ipaHost objectClass instead of strncmp()aring the principal with "host/" Simo.
Updated patch attached. I took the opportunity to fix another instance of comparing to host/ in the principal name as well.
rob
freeipa-468-2-enroll.patch
Description: application/mbox
_______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
