On 09/13/2013 03:01 PM, Alexander Bokovoy wrote: > On Thu, 07 Feb 2013, Simo Sorce wrote: >> This information is not strictly required but is part of the MS-PAC >> specification and I had some time to kill on the plane on my last trip >> back. >> >> I tested it briefly with cross-realm trusts and it seem to work fine. >> Neither IPA nor AD2012 complained when looking at PACs, do far. > Reviving. > > It is actually required part as without it smbd will deny our attempt to > establish local part of the trust in some cases by misinterpreting what > we put in the PAC and thinking that a service impersonating original > user is the actual user but taking original user name as an account > name. > > With this patch everything works fine. ACK. >
Is this fix required also for FreeIPA 3.3 and it's features? I did not understand that from the bug description. Martin _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
