On 07/06/2016 07:01 PM, Sumit Bose wrote:
Hi,
although enterprise principals for trusted domains now are working as
expected they do not work for the local domain:
# kinit -E admin@IPA.DEVEL
kinit: Client 'admin\@IPA.DEVEL@IPA.DEVEL' not found in Kerberos database
while getting initial credentials
Attached patch handles this case. It is not that nice because of the
duplication of ipadb_fetch_principals() and ipadb_find_principal(). But
I think there was a reason I do not remember why we didn't check for
enterprise principals before checking the local database. If there is no
such reason it might make sense to check for enterprise principals
before doing the lookup. Please let me know if I should change the patch
accordingly or if the current version is ok,
bye,
Sumit
Hi Sumit,
thanks for the patch. This patch should have a ticket. It will help
downstream planning.
--
Petr Vobornik
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
