On Wed, Jul 06, 2016 at 07:01:50PM +0200, Sumit Bose wrote:
> Hi,
> although enterprise principals for trusted domains now are working as
> expected they do not work for the local domain:
>     # kinit -E admin@IPA.DEVEL                                                
>     kinit: Client 'admin\@IPA.DEVEL@IPA.DEVEL' not found in Kerberos database 
> while getting initial credentials
> Attached patch handles this case. It is not that nice because of the
> duplication of ipadb_fetch_principals() and ipadb_find_principal(). But
> I think there was a reason I do not remember why we didn't check for
> enterprise principals before checking the local database. If there is no
> such reason it might make sense to check for enterprise principals
> before doing the lookup. Please let me know if I should change the patch
> accordingly or if the current version is ok,
> bye,
> Sumit

The patch fixes IPA logins for me, so functional ACK, but I'm not sure I
know enough about the code to actually review the code..

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to