A onliner but better to have it validated by a second pair of eyes.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
>From 7cce4fe928bd56cd8ad8fbb10ee8f40961e0d739 Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Fri, 5 Oct 2012 11:25:29 -0400
Subject: [PATCH] Fix trust attributes for ipa trust-add

The RC4 flags in the trust attributes makes sense only fro trust type MIT
We are using the UPLEVEL trust type.
---
 ipaserver/dcerpc.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index dd16c9f9e70950ecf679416f0c76ee21f0cc2cd3..c40313a697fa6ff842129944b7ad9c1f5fc14a77 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -365,7 +365,7 @@ class TrustDomainInstance(object):
         info.sid = security.dom_sid(another_domain.info['sid'])
         info.trust_direction = lsa.LSA_TRUST_DIRECTION_INBOUND | lsa.LSA_TRUST_DIRECTION_OUTBOUND
         info.trust_type = lsa.LSA_TRUST_TYPE_UPLEVEL
-        info.trust_attributes = lsa.LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE | lsa.LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
+        info.trust_attributes = lsa.LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
 
         try:
             dname = lsa.String()
-- 
1.7.11.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to