On Mon, 2015-05-25 at 10:48 +0200, Martin Babinsky wrote:
> On 04/06/2015 12:53 AM, Simo Sorce wrote:
> > Fix for bug 4914.
> >
> > I've tested it locally and seem to do exactly what is needed. I couldn't
> > detect any side effects, except that if you use kadmin to get a
> > randomized password for a service then you'll get a key for all
> > supported types (currently aes256, aes128, des3, rc4, camellia128,
> > camellia256) instead of just the default ones (aes256, aes128, des3,
> > rc4) if you do not specify enctypes. I think that is fine, we use
> > ipa-getkeytab anyway in the normal course of business and that one uses
> > a different code path.
> >
> > Simo.
> >
> >
> >
> 
> Hi Simo,
> 
> the patch works as expected.
> 
> My only gripe is with the duplicate code in 'daemons/ipa-kdb/ipa_kdb.c' 
> between lines 389 and 455. It could be made into a single function to 
> get key encoding/salt types from LDAP (see my feeble and untested 
> attempt which I attached).

The attached patch looks reasonable to me, feel free to post it as a
proposed patch once you have tested it.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to