On Wed, 2013-07-10 at 19:55 +0300, Alexander Bokovoy wrote: > >>> The patch looks good to me so I'm giving my +1. I would appreciate > other > >>> review too before a full ack, though. > >> > >> I've nacked the approach, although the results are as expected. > >> Alexander will send a simplified patch that avoids the extra search > and > >> use of managedby which is not ok. > > New patch attached. > After discussion with Simo on IRC, I decided to use krb5_parse_name() > to > properly parse krbPrincipalName attribute for the service and veto it > against pre-defined set of services we support generating MS-PAC for > on > the IPA master. > > The list currently includes only cifs/ipa.master@REALM and > HTTP/ipa.master@REALM as host/ipa.master@REALM is handled by the > is_host > case. > LGTM.
Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel