Re: [Freeipa-devel] [PATCH] Fix up trust attributes on trust-add
On 10/08/2012 06:32 PM, Sumit Bose wrote: On Fri, Oct 05, 2012 at 09:17:47PM +0300, Alexander Bokovoy wrote: On Fri, 05 Oct 2012, Simo Sorce wrote: A onliner but better to have it validated by a second pair of eyes. Yep. Go ahead. The origin of USES_RC4_ENCRYPTION comes from Samba 3 code in net utility that Sumit implemented ~1.5 year ago. I didn't found any issues while testing. ACK bye, Sumit Pushed to master, ipa-3-0. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Fix up trust attributes on trust-add
On Fri, Oct 05, 2012 at 09:17:47PM +0300, Alexander Bokovoy wrote: On Fri, 05 Oct 2012, Simo Sorce wrote: A onliner but better to have it validated by a second pair of eyes. Yep. Go ahead. The origin of USES_RC4_ENCRYPTION comes from Samba 3 code in net utility that Sumit implemented ~1.5 year ago. I didn't found any issues while testing. ACK bye, Sumit -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Fix up trust attributes on trust-add
A onliner but better to have it validated by a second pair of eyes. Simo. -- Simo Sorce * Red Hat, Inc * New York From 7cce4fe928bd56cd8ad8fbb10ee8f40961e0d739 Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Fri, 5 Oct 2012 11:25:29 -0400 Subject: [PATCH] Fix trust attributes for ipa trust-add The RC4 flags in the trust attributes makes sense only fro trust type MIT We are using the UPLEVEL trust type. --- ipaserver/dcerpc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py index dd16c9f9e70950ecf679416f0c76ee21f0cc2cd3..c40313a697fa6ff842129944b7ad9c1f5fc14a77 100644 --- a/ipaserver/dcerpc.py +++ b/ipaserver/dcerpc.py @@ -365,7 +365,7 @@ class TrustDomainInstance(object): info.sid = security.dom_sid(another_domain.info['sid']) info.trust_direction = lsa.LSA_TRUST_DIRECTION_INBOUND | lsa.LSA_TRUST_DIRECTION_OUTBOUND info.trust_type = lsa.LSA_TRUST_TYPE_UPLEVEL -info.trust_attributes = lsa.LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE | lsa.LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION +info.trust_attributes = lsa.LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE try: dname = lsa.String() -- 1.7.11.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Fix up trust attributes on trust-add
On Fri, 05 Oct 2012, Simo Sorce wrote: A onliner but better to have it validated by a second pair of eyes. Yep. Go ahead. The origin of USES_RC4_ENCRYPTION comes from Samba 3 code in net utility that Sumit implemented ~1.5 year ago. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel