On Thu, 2015-12-03 at 19:33 +0200, Alexander Bokovoy wrote:
> On Thu, 03 Dec 2015, Simo Sorce wrote:
> >The first patch is preparatory and is needed in general now that we want
> >top allow alias and use krbCanonicalName as the canonical name when
> >multiple values are avilable in krbPrincipalName.
> >The second patch changes slightly how the interdomain trust account is
> >created so that the getkeytab control can generate the proper key (with
> >the right salt) for interop reasons with AD. The change should be
> >upgrade safe because keys are generate at account creation so older
> >accounts lacking the alias won't be a problem.
> >Fixes ##5495
> Thanks. ACK to both. They work for me against Windows Server 2012R2.
> Now we need to fix Samba AD salt generation so that it is compatible
> with both Windows and FreeIPA for AES/DES keys and not only RC4... ;)
And so we did:
Simo Sorce * Red Hat, Inc * New York
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code