On Thu, 2011-12-08 at 16:55 -0500, Rob Crittenden wrote: > Simo Sorce wrote: > > On Mon, 2011-12-05 at 18:37 -0500, Simo Sorce wrote: > >> On Fri, 2011-12-02 at 10:10 -0500, Simo Sorce wrote: > >>> On Fri, 2011-12-02 at 09:27 -0500, Rob Crittenden wrote: > >>>> Simo Sorce wrote: > >>>>> Hello all, > >>>>> > >>>>> with this set of patches it is possible to allow constrained delegation > >>>>> of credentials so that a service can impersonate a user when > >>> > >>> [..] > >>> > >>>> In the third patch in ipadb_get_delegation_acl() you can just fall > >>>> through to the return. > >>> > >>> Removed useless check. > >>> I also noticed I had added the prototype declaration for the new vtable > >>> function in the 2nd patch instead of the 3rd where it belongs by > >>> mistake. > >>> > >>> So I fixed that too. > >>> > >>>> I think the content of this e-mail should be added as a README to the > >>>> source tree. > >>> > >>> Ok, I dumped and adapted the email content into a README file and added > >>> it to the third patch. > >>> > >>> I also fixed the patch names as per policy. > >>> > >>> Simo. > >> > >> > >> We have discovered a few issues w/ MIT 1.9 and s4u2proxy used outside of > >> the 'artificial' test done by kvno. > >> > >> I pushed a patch to handle part of the problem as a new krb5 package in > >> ipa-devel. > >> > >> Soon we will have a patch for mod_auth_kerb that handles an issue there. > >> > >> But we still have an unresolved issue when using the adtrust > >> functionality and our KDC releases PACs. > >> > >> The attached patch can be used to deal with that case. As you can see > >> this is not intended for production, but can be used until we have a > >> better fix on the KDC side. > >> > >> Simo. > > > > Rebased patch 468 to apply to current master. > > > > Simo. > > > > ACK x3
Pushed to master. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel