On Wed, 27 May 2015, Simo Sorce wrote:
On Wed, 2015-05-27 at 15:25 +0200, Martin Babinsky wrote:
On 05/25/2015 10:48 AM, Martin Babinsky wrote:
> On 04/06/2015 12:53 AM, Simo Sorce wrote:
>> Fix for bug 4914.
>>
>> I've tested it locally and seem to do exactly what is needed. I couldn't
>> detect any side effects, except that if you use kadmin to get a
>> randomized password for a service then you'll get a key for all
>> supported types (currently aes256, aes128, des3, rc4, camellia128,
>> camellia256) instead of just the default ones (aes256, aes128, des3,
>> rc4) if you do not specify enctypes. I think that is fine, we use
>> ipa-getkeytab anyway in the normal course of business and that one uses
>> a different code path.
>>
>> Simo.
>>
>>
>>
>
> Hi Simo,
>
> the patch works as expected.
>
> My only gripe is with the duplicate code in 'daemons/ipa-kdb/ipa_kdb.c'
> between lines 389 and 455. It could be made into a single function to
> get key encoding/salt types from LDAP (see my feeble and untested
> attempt which I attached).
>
>
>
ACK.

I will then send the patch fixing duplicate code separately once I
consult it with somebody more skilled in C than myself.


Thanks, added your reviewed-by and pushed to master.

Martin, should we push this to other branches too ?
I think we also need this in 4.1 so that it can go to Fedora, Debian,
and RHEL releases.
--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to