[Freeipa-devel] [PATCHES] #1791 Tust Effort: Add support for generating MS-PAC
Sumit Bose
sbose at redhat.com
Fri Nov 4 22:31:50 UTC 2011
On Fri, Nov 04, 2011 at 10:49:40AM -0400, Simo Sorce wrote:
> The attached patches are for master and concern the effort of creating
> trust relationships between IPA and AD domains.
>
> With these patches if you have run ipa-adtrust-install the IPA kdc will
> be able to create a MS-PAC if the user has the right attributes
> ipaNTSecurityIdentifier on the user entry and on the primary group entry
> are required (or a fallback primary group).
> If the objects are not in place the MS-PAC generation is silently
> skipped and no MS-PAC will be attached to the tickets.
>
> The MS-PAC is always generated if all data is available, in future we
> may think of making this conditional, but that is not in the scope of
> this patches.
>
> In order to apply these patches you need the coverity fix patches #2036
> #2037 I sent yesterday.
>
> In order to build this code you need samba 4 experimental packages with
> the libndr_krb5pac.so librray, header files and pkgconfig configuration
> files.
Please add these dependencies to the BuildRequires in the spec file.
Otherwise the patch looks fine.
bye,
Sumit
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list