Simo Sorce wrote:
On Mon, 2011-12-05 at 18:37 -0500, Simo Sorce wrote:
On Fri, 2011-12-02 at 10:10 -0500, Simo Sorce wrote:
On Fri, 2011-12-02 at 09:27 -0500, Rob Crittenden wrote:
Simo Sorce wrote:
Hello all,

with this set of patches it is possible to allow constrained delegation
of credentials so that a service can impersonate a user when


In the third patch in ipadb_get_delegation_acl() you can just fall
through to the return.

Removed useless check.
I also noticed I had added the prototype declaration for the new vtable
function in the 2nd patch instead of the 3rd where it belongs by

So I fixed that too.

I think the content of this e-mail should be added as a README to the
source tree.

Ok, I dumped and adapted the email content into a README file and added
it to the third patch.

I also fixed the patch names as per policy.


We have discovered a few issues w/ MIT 1.9 and s4u2proxy used outside of
the 'artificial' test done by kvno.

I pushed a patch to handle part of the problem as a new krb5 package in

Soon we will have a patch for mod_auth_kerb that handles an issue there.

But we still have an unresolved issue when using the adtrust
functionality and our KDC releases PACs.

The attached patch can be used to deal with that case. As you can see
this is not intended for production, but can be used until we have a
better fix on the KDC side.


Rebased patch 468 to apply to current master.


ACK x3

Freeipa-devel mailing list

Reply via email to