[Freeipa-devel] [PoC/RfC] ipa-kdb: check for alternatives if cross realm TGT cannot be found

Hi, the attached two patches are a proof-of-concept how we can eliminate the need to have [capaths] defined in krb5.conf for member domains in trusted forests together with Alexander's patch 0123. capaths are used in the core KDC code at two places. One is to validate transited field in the TGT,

Re: [Freeipa-devel] [PoC/RfC] ipa-kdb: check for alternatives if cross realm TGT cannot be found

On Wed, 02 Oct 2013, Sumit Bose wrote: Hi, the attached two patches are a proof-of-concept how we can eliminate the need to have [capaths] defined in krb5.conf for member domains in trusted forests together with Alexander's patch 0123. capaths are used in the core KDC code at two places. One