On Mon, Sep 17, 2012 at 06:44:36PM +0300, Alexander Bokovoy wrote:
> The following patch adds a trust verification sequence to the case when we
> establish trust with knowledge of AD administrative credentials.
> As we found out, in order to validate/verify trust, one has to have
> administrative credentials for the trusted domain, since there are
> a few RPCs that should be performed against the trusted domain's DC's LSA
> and NetLogon pipes, and these are protected by administrative credentials.
> Thus, when we know admin credentials for the remote domain, we can
> perform the trust validation.
Just some short feedback. The patch is working as expected: for a newly
created trust, Windows will send a TGS request to the IPA KDC without
explicit validation on the Windows side. Currently I have some issues
in my test setup, so I cannot give a full ACK atm.
> / Alexander Bokovoy
Freeipa-devel mailing list