On 05/27/2015 03:55 PM, Alexander Bokovoy wrote:
> On Wed, 27 May 2015, Simo Sorce wrote:
>> On Wed, 2015-05-27 at 15:25 +0200, Martin Babinsky wrote:
>>> On 05/25/2015 10:48 AM, Martin Babinsky wrote:
>>> > On 04/06/2015 12:53 AM, Simo Sorce wrote:
>>> >> Fix for bug 4914.
>>> >>
>>> >> I've tested it locally and seem to do exactly what is needed. I couldn't
>>> >> detect any side effects, except that if you use kadmin to get a
>>> >> randomized password for a service then you'll get a key for all
>>> >> supported types (currently aes256, aes128, des3, rc4, camellia128,
>>> >> camellia256) instead of just the default ones (aes256, aes128, des3,
>>> >> rc4) if you do not specify enctypes. I think that is fine, we use
>>> >> ipa-getkeytab anyway in the normal course of business and that one uses
>>> >> a different code path.
>>> >>
>>> >> Simo.
>>> >>
>>> >>
>>> >>
>>> >
>>> > Hi Simo,
>>> >
>>> > the patch works as expected.
>>> >
>>> > My only gripe is with the duplicate code in 'daemons/ipa-kdb/ipa_kdb.c'
>>> > between lines 389 and 455. It could be made into a single function to
>>> > get key encoding/salt types from LDAP (see my feeble and untested
>>> > attempt which I attached).
>>> >
>>> >
>>> >
>>> ACK.
>>>
>>> I will then send the patch fixing duplicate code separately once I
>>> consult it with somebody more skilled in C than myself.
>>>
>>
>> Thanks, added your reviewed-by and pushed to master.
>>
>> Martin, should we push this to other branches too ?
> I think we also need this in 4.1 so that it can go to Fedora, Debian,
> and RHEL releases.

4.2 will be released soon, but if you are confident about the patch so that it
does not break stuff, we may add it to 4.1.x too, given the positive impact.

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to