On 05/27/2015 04:33 PM, Martin Kosek wrote:
On 05/27/2015 03:55 PM, Alexander Bokovoy wrote:
On Wed, 27 May 2015, Simo Sorce wrote:
On Wed, 2015-05-27 at 15:25 +0200, Martin Babinsky wrote:
On 05/25/2015 10:48 AM, Martin Babinsky wrote:
On 04/06/2015 12:53 AM, Simo Sorce wrote:
Fix for bug 4914.
I've tested it locally and seem to do exactly what is needed. I couldn't
detect any side effects, except that if you use kadmin to get a
randomized password for a service then you'll get a key for all
supported types (currently aes256, aes128, des3, rc4, camellia128,
camellia256) instead of just the default ones (aes256, aes128, des3,
rc4) if you do not specify enctypes. I think that is fine, we use
ipa-getkeytab anyway in the normal course of business and that one uses
a different code path.
the patch works as expected.
My only gripe is with the duplicate code in 'daemons/ipa-kdb/ipa_kdb.c'
between lines 389 and 455. It could be made into a single function to
get key encoding/salt types from LDAP (see my feeble and untested
attempt which I attached).
I will then send the patch fixing duplicate code separately once I
consult it with somebody more skilled in C than myself.
Thanks, added your reviewed-by and pushed to master.
Martin, should we push this to other branches too ?
I think we also need this in 4.1 so that it can go to Fedora, Debian,
and RHEL releases.
4.2 will be released soon, but if you are confident about the patch so that it
does not break stuff, we may add it to 4.1.x too, given the positive impact.
I actually tested it also with 4.1 branch with no problem.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code