On Tue, Sep 18, 2012 at 12:42:49PM +0200, Sumit Bose wrote: > On Mon, Sep 17, 2012 at 06:44:36PM +0300, Alexander Bokovoy wrote: > > Hi, > > > > Following patch adds trust verification sequence to the case when we > > establish trust with knowledge of AD administrative credentials. > > > > As we found out, in order to validate/verify trust, one has to have > > administrative credentials for the trusted domain, since there are > > few RPCs that should be performed against trusted domain's DC's LSA > > and NetLogon pipes and these are protected by administrative credentials. > > > > Thus, when we know admin credentials for the remote domain, we can > > perform the trust validation. > > > > https://fedorahosted.org/freeipa/ticket/2763 > > > > Just a short feedback. The patch is working as expected, for a newly > created trust Windows will send a TGS request to the IPA KDC without > explicit validation on the windows side. Currently I have some issues > in my test setup so that I can not give a full ACK atm. >
ok, ACK. Nevertheless it would be nice if Petr can check for any implications to the web UI with respect to the status of the trust. bye, Sumit > bye, > Sumit > > > > > -- > > / Alexander Bokovoy > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel