On Mon, Sep 17, 2012 at 06:44:36PM +0300, Alexander Bokovoy wrote:
> Hi,
> 
> The following patch adds a trust verification sequence to the case when we
> establish trust with knowledge of AD administrative credentials.
> 
> As we found out, in order to validate/verify trust, one has to have
> administrative credentials for the trusted domain, since there are
> a few RPCs that should be performed against the trusted domain's DC's LSA
> and NetLogon pipes and these are protected by administrative credentials.
> 
> Thus, when we know admin credentials for the remote domain, we can
> perform the trust validation.
> 
> https://fedorahosted.org/freeipa/ticket/2763
> 

Just some short feedback. The patch is working as expected: for a newly
created trust, Windows will send a TGS request to the IPA KDC without
explicit validation on the Windows side. Currently I have some issues
in my test setup, so I cannot give a full ACK atm.

bye,
Sumit

> 
> -- 
> / Alexander Bokovoy

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
