I'd still prefer a user mapping to managing a keytab. This patch is just way too complex for what it does.
----- Original Message ----- > I brought up your suggestion in today's IPA devel meeting. Simo > explained that anonymous binding might not be available. Some customers > disable it on their systems. I'd have to find yet another way to > authenticate, e.g. using the user account. That would only work locally, > though. > > Let's go ahead with my current approach. It's implemented and I have > tested upgrade and refresh installation a couple of times, too. > > Christian > -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code