On Wed, 2015-05-27 at 16:33 +0200, Martin Kosek wrote: > On 05/27/2015 03:55 PM, Alexander Bokovoy wrote: > > On Wed, 27 May 2015, Simo Sorce wrote: > >> On Wed, 2015-05-27 at 15:25 +0200, Martin Babinsky wrote: > >>> On 05/25/2015 10:48 AM, Martin Babinsky wrote: > >>> > On 04/06/2015 12:53 AM, Simo Sorce wrote: > >>> >> Fix for bug 4914. > >>> >> > >>> >> I've tested it locally and seem to do exactly what is needed. I > >>> >> couldn't > >>> >> detect any side effects, except that if you use kadmin to get a > >>> >> randomized password for a service then you'll get a key for all > >>> >> supported types (currently aes256, aes128, des3, rc4, camellia128, > >>> >> camellia256) instead of just the default ones (aes256, aes128, des3, > >>> >> rc4) if you do not specify enctypes. I think that is fine, we use > >>> >> ipa-getkeytab anyway in the normal course of business and that one uses > >>> >> a different code path. > >>> >> > >>> >> Simo. > >>> >> > >>> >> > >>> >> > >>> > > >>> > Hi Simo, > >>> > > >>> > the patch works as expected. > >>> > > >>> > My only gripe is with the duplicate code in 'daemons/ipa-kdb/ipa_kdb.c' > >>> > between lines 389 and 455. It could be made into a single function to > >>> > get key encoding/salt types from LDAP (see my feeble and untested > >>> > attempt which I attached). > >>> > > >>> > > >>> > > >>> ACK. > >>> > >>> I will then send the patch fixing duplicate code separately once I > >>> consult it with somebody more skilled in C than myself. > >>> > >> > >> Thanks, added your reviewed-by and pushed to master. > >> > >> Martin, should we push this to other branches too ? > > I think we also need this in 4.1 so that it can go to Fedora, Debian, > > and RHEL releases. > > 4.2 will be released soon, but if you are confident about the patch so that it > does not break stuff, we may add it to 4.1.x too, given the positive impact.
Please backport to 4.1 then, it really is only a net positive afaik. Simo. -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code