[Freeipa-devel] [PATCH] 0073 Add trust verification code

Sumit Bose sbose at redhat.com
Tue Sep 18 12:15:39 UTC 2012


On Tue, Sep 18, 2012 at 12:42:49PM +0200, Sumit Bose wrote:
> On Mon, Sep 17, 2012 at 06:44:36PM +0300, Alexander Bokovoy wrote:
> > Hi,
> > 
> > The following patch adds a trust verification sequence to the case when we
> > establish trust with knowledge of AD administrative credentials.
> > 
> > As we found out, in order to validate/verify trust, one has to have
> > administrative credentials for the trusted domain, since there are
> > a few RPCs that should be performed against the trusted domain's DC's LSA
> > and NetLogon pipes, and these are protected by administrative credentials.
> > 
> > Thus, when we know admin credentials for the remote domain, we can
> > perform the trust validation.
> > 
> > https://fedorahosted.org/freeipa/ticket/2763
> > 
> 
> Just a short feedback. The patch is working as expected; for a newly
> created trust, Windows will send a TGS request to the IPA KDC without
> explicit validation on the Windows side. Currently I have some issues
> in my test setup so that I cannot give a full ACK atm.
> 

ok, ACK.

Nevertheless, it would be nice if Petr can check for any implications for
the web UI with respect to the status of the trust.

bye,
Sumit

> bye,
> Sumit
> 
> > 
> > -- 
> > / Alexander Bokovoy
> 