[Freeipa-devel] [PATCHES] #1791 Tust Effort: Add support for generating MS-PAC

Simo Sorce simo at redhat.com
Mon Nov 7 22:31:45 UTC 2011


On Fri, 2011-11-04 at 23:31 +0100, Sumit Bose wrote:
> On Fri, Nov 04, 2011 at 10:49:40AM -0400, Simo Sorce wrote:
> > The attached patches are for master and concern the effort of creating
> > trust relationships between IPA and AD domains.
> > 
> > With these patches if you have run ipa-adtrust-install the IPA kdc will
> > be able to create a MS-PAC if the user has the right attributes
> > ipaNTSecurityIdentifier on the user entry and on the primary group entry
> > are required (or a fallback primary group).
> > If the objects are not in place the MS-PAC generation is silently
> > skipped and no MS-PAC will be attached to the tickets.
> > 
> > The MS-PAC is always generated if all data is available, in future we
> > may think of making this conditional, but that is not in the scope of
> > this patches. 
> > 
> > In order to apply these patches you need the coverity fix patches #2036
> > #2037 I sent yesterday.
> > 
> > In order to build this code you need samba 4 experimental packages with
> > the libndr_krb5pac.so librray, header files and pkgconfig configuration
> > files.
> 
> Please add these dependencies to the BuildRequires in the spec file.
> Otherwise the patch looks fine.

Added "BuildRequires: samba-4.0-devel", tested and pushed to master.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York




More information about the Freeipa-devel mailing list