On Fri, Nov 04, 2011 at 10:49:40AM -0400, Simo Sorce wrote: > The attached patches are for master and concern the effort of creating > trust relationships between IPA and AD domains. > > With these patches if you have run ipa-adtrust-install the IPA kdc will > be able to create a MS-PAC if the user has the right attributes > ipaNTSecurityIdentifier on the user entry and on the primary group entry > are required (or a fallback primary group). > If the objects are not in place the MS-PAC generation is silently > skipped and no MS-PAC will be attached to the tickets. > > The MS-PAC is always generated if all data is available, in future we > may think of making this conditional, but that is not in the scope of > this patches. > > In order to apply these patches you need the coverity fix patches #2036 > #2037 I sent yesterday. > > In order to build this code you need samba 4 experimental packages with > the libndr_krb5pac.so librray, header files and pkgconfig configuration > files.
Please add these dependencies to the BuildRequires in the spec file. Otherwise the patch looks fine. bye, Sumit > > Simo. > > -- > Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
