On 09/16/2013 09:14 AM, Alexander Bokovoy wrote:
On Mon, 16 Sep 2013, Martin Kosek wrote:
On 09/13/2013 03:01 PM, Alexander Bokovoy wrote:
On Thu, 07 Feb 2013, Simo Sorce wrote:
This information is not strictly required but is part of the MS-PAC
specification and I had some time to kill on the plane on my last trip

I tested it briefly with cross-realm trusts and it seem to work fine.
Neither IPA nor AD2012 complained when looking at PACs, do far.

It is actually required part as without it smbd will deny our attempt to
establish local part of the trust in some cases by misinterpreting what
we put in the PAC and thinking that a service impersonating original
user is the actual user but taking original user name as an account

With this patch everything works fine. ACK.

Is this fix required also for FreeIPA 3.3 and it's features? I did not
understand that from the bug description.
Yes. It is one of fixes to the issues Tomas was seeing with his test
automation scripts.

I've also pushed it to ipa-3-3: 7de103739172e4d3690d71fb686addc4edae027e


Freeipa-devel mailing list

Reply via email to