On Wed, 10 Jul 2013, Simo Sorce wrote:
On Wed, 2013-07-10 at 19:55 +0300, Alexander Bokovoy wrote:
>>> The patch looks good to me so I'm giving my +1. I would appreciate
other
>>> review too before a full ack, though.
>>
>> I've nacked the approach, although the results are as expected.
>> Alexander will send a simplified patch that avoids the extra search
and
>> use of managedby which is not ok.
> New patch attached.
After discussion with Simo on IRC, I decided to use krb5_parse_name()
to
properly parse krbPrincipalName attribute for the service and veto it
against pre-defined set of services we support generating MS-PAC for
on
the IPA master.
The list currently includes only cifs/ipa.master@REALM and
HTTP/ipa.master@REALM as host/ipa.master@REALM is handled by the
is_host
case.
LGTM.
Committed to master.
--
/ Alexander Bokovoy
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
