On Wed, 2015-05-27 at 15:25 +0200, Martin Babinsky wrote: > On 05/25/2015 10:48 AM, Martin Babinsky wrote: > > On 04/06/2015 12:53 AM, Simo Sorce wrote: > >> Fix for bug 4914. > >> > >> I've tested it locally and seem to do exactly what is needed. I couldn't > >> detect any side effects, except that if you use kadmin to get a > >> randomized password for a service then you'll get a key for all > >> supported types (currently aes256, aes128, des3, rc4, camellia128, > >> camellia256) instead of just the default ones (aes256, aes128, des3, > >> rc4) if you do not specify enctypes. I think that is fine, we use > >> ipa-getkeytab anyway in the normal course of business and that one uses > >> a different code path. > >> > >> Simo. > >> > >> > >> > > > > Hi Simo, > > > > the patch works as expected. > > > > My only gripe is with the duplicate code in 'daemons/ipa-kdb/ipa_kdb.c' > > between lines 389 and 455. It could be made into a single function to > > get key encoding/salt types from LDAP (see my feeble and untested > > attempt which I attached). > > > > > > > ACK. > > I will then send the patch fixing duplicate code separately once I > consult it with somebody more skilled in C than myself. >
Thanks, added your reviewed-by and pushed to master. Martin, should we push this to other branches too ? Simo. -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code