On Fri, Nov 04, 2011 at 10:49:40AM -0400, Simo Sorce wrote:
> The attached patches are for master and concern the effort of creating
> trust relationships between IPA and AD domains.
> With these patches if you have run ipa-adtrust-install the IPA kdc will
> be able to create a MS-PAC if the user has the right attributes
> ipaNTSecurityIdentifier on the user entry and on the primary group entry
> are required (or a fallback primary group).
> If the objects are not in place the MS-PAC generation is silently
> skipped and no MS-PAC will be attached to the tickets.
> The MS-PAC is always generated if all data is available, in future we
> may think of making this conditional, but that is not in the scope of
> this patches.
> In order to apply these patches you need the coverity fix patches #2036
> #2037 I sent yesterday.
> In order to build this code you need samba 4 experimental packages with
> the libndr_krb5pac.so librray, header files and pkgconfig configuration
Please add these dependencies to the BuildRequires in the spec file.
Otherwise the patch looks fine.
> Simo Sorce * Red Hat, Inc * New York
Freeipa-devel mailing list