On Wed, Jul 06, 2016 at 07:01:50PM +0200, Sumit Bose wrote: > Hi, > > although enterprise principals for trusted domains now are working as > expected they do not work for the local domain: > > # kinit -E admin@IPA.DEVEL > > > kinit: Client 'admin\@IPA.DEVEL@IPA.DEVEL' not found in Kerberos database > while getting initial credentials > > Attached patch handles this case. It is not that nice because of the > duplication of ipadb_fetch_principals() and ipadb_find_principal(). But > I think there was a reason I do not remember why we didn't check for > enterprise principals before checking the local database. If there is no > such reason it might make sense to check for enterprise principals > before doing the lookup. Please let me know if I should change the patch > accordingly or if the current version is ok, > > bye, > Sumit >
The patch fixes IPA logins for me, so functional ACK, but I'm not sure I know enough about the code to actually review the code.. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code