[Freeipa-devel] [PATCH] #333 plugin to change kerberos principal name when user is renamed

2010-10-22 Thread Simo Sorce
This plugin intercepts a modrdn change so that when a user is renamed the krbprincipalname is changed accordingly. The second patch activates the plugin. Simo. -- Simo Sorce * Red Hat, Inc * New York From 8dbbc7a916202905375358670c5b7a6378f7e67d Mon Sep 17 00:00:00 2001 From: Simo Sorce Dat

Re: [Freeipa-devel] [PATCH] #333 plugin to change kerberos principal name when user is renamed

2010-10-22 Thread Rob Crittenden
Simo Sorce wrote: This plugin intercepts a modrdn change so that when a user is renamed the krbprincipalname is changed accordingly. The second patch activates the plugin. Simo. Should ipaModRDNscope be set to the user container instead of $SUFFIX? rob

Re: [Freeipa-devel] [PATCH] #333 plugin to change kerberos principal name when user is renamed

2010-10-22 Thread Simo Sorce
On Fri, 22 Oct 2010 17:46:55 -0400 Rob Crittenden wrote: > Simo Sorce wrote: > > > > This plugin intercepts a modrdn change so that when a user is > > renamed the krbprincipalname is changed accordingly. > > > > The second patch activates the plugin. > > > > Simo. > > Should ipaModRDNscope be s

Re: [Freeipa-devel] [PATCH] #333 plugin to change kerberos principal name when user is renamed

2010-10-25 Thread Rob Crittenden
Simo Sorce wrote: On Fri, 22 Oct 2010 17:46:55 -0400 Rob Crittenden wrote: Simo Sorce wrote: This plugin intercepts a modrdn change so that when a user is renamed the krbprincipalname is changed accordingly. The second patch activates the plugin. Simo. Should ipaModRDNscope be set to th

Re: [Freeipa-devel] [PATCH] #333 plugin to change kerberos principal name when user is renamed

2010-10-25 Thread Simo Sorce
On Mon, 25 Oct 2010 10:39:06 -0400 Rob Crittenden wrote: > Simo Sorce wrote: > > On Fri, 22 Oct 2010 17:46:55 -0400 > > Rob Crittenden wrote: > > > >> Simo Sorce wrote: > >>> > >>> This plugin intercepts a modrdn change so that when a user is > >>> renamed the krbprincipalname is changed accord

Re: [Freeipa-devel] [PATCH] #333 plugin to change kerberos principal name when user is renamed

2010-10-25 Thread Rob Crittenden
Simo Sorce wrote: On Mon, 25 Oct 2010 10:39:06 -0400 Rob Crittenden wrote: Simo Sorce wrote: On Fri, 22 Oct 2010 17:46:55 -0400 Rob Crittenden wrote: Simo Sorce wrote: This plugin intercepts a modrdn change so that when a user is renamed the krbprincipalname is changed accordingly. Th

Re: [Freeipa-devel] [PATCH] #333 plugin to change kerberos principal name when user is renamed

2010-10-25 Thread Nalin Dahyabhai
On Mon, Oct 25, 2010 at 10:53:19AM -0400, Rob Crittenden wrote: > Simo Sorce wrote: > >Can you do a modrdn modification on a compat plugin entry ? > > Well, right, I don't know :-) And if not, what error would be raised and > do/should we catch it? You should get an insufficient-access (0.17 and

Re: [Freeipa-devel] [PATCH] #333 plugin to change kerberos principal name when user is renamed

2010-10-25 Thread Simo Sorce
On Mon, 25 Oct 2010 11:42:09 -0400 Nalin Dahyabhai wrote: > On Mon, Oct 25, 2010 at 10:53:19AM -0400, Rob Crittenden wrote: > > Simo Sorce wrote: > > >Can you do a modrdn modification on a compat plugin entry ? > > > > Well, right, I don't know :-) And if not, what error would be > > raised and

Re: [Freeipa-devel] [PATCH] #333 plugin to change kerberos principal name when user is renamed

2010-10-25 Thread Nalin Dahyabhai
On Mon, Oct 25, 2010 at 11:45:45AM -0400, Simo Sorce wrote: > On Mon, 25 Oct 2010 11:42:09 -0400 > Nalin Dahyabhai wrote: > > > On Mon, Oct 25, 2010 at 10:53:19AM -0400, Rob Crittenden wrote: > > > Simo Sorce wrote: > > > >Can you do a modrdn modification on a compat plugin entry ? > > > > > > W

Re: [Freeipa-devel] [PATCH] #333 plugin to change kerberos principal name when user is renamed

2010-10-25 Thread Nalin Dahyabhai
On Fri, Oct 22, 2010 at 05:38:35PM -0400, Simo Sorce wrote: > This plugin intercepts a modrdn change so that when a user is renamed > the krbprincipalname is changed accordingly. Changing the user's principal name usually breaks the client's ability to get initial creds, as the default salt is de

Re: [Freeipa-devel] [PATCH] #333 plugin to change kerberos principal name when user is renamed

2010-10-25 Thread Simo Sorce
On Mon, 25 Oct 2010 18:14:12 -0400 Nalin Dahyabhai wrote: > On Fri, Oct 22, 2010 at 05:38:35PM -0400, Simo Sorce wrote: > > This plugin intercepts a modrdn change so that when a user is > > renamed the krbprincipalname is changed accordingly. > > Changing the user's principal name usually break

Re: [Freeipa-devel] [PATCH] #333 plugin to change kerberos principal name when user is renamed

2010-10-25 Thread Nalin Dahyabhai
On Mon, Oct 25, 2010 at 06:59:18PM -0400, Simo Sorce wrote: > I was meaning to ask you if we have any other way around. Is it > possible to use a random salt instead of the principal name ? > > We do enforce pre-authentication by default, so IIRC it should be > possible, but it doesn't seem to mak

Re: [Freeipa-devel] [PATCH] #333 plugin to change kerberos principal name when user is renamed

2010-10-26 Thread Simo Sorce
On Mon, 25 Oct 2010 20:27:04 -0400 Nalin Dahyabhai wrote: > On Mon, Oct 25, 2010 at 06:59:18PM -0400, Simo Sorce wrote: > > I was meaning to ask you if we have any other way around. Is it > > possible to use a random salt instead of the principal name ? > > > > We do enforce pre-authentication b

Re: [Freeipa-devel] [PATCH] #333 plugin to change kerberos principal name when user is renamed

2010-10-27 Thread Rob Crittenden
Simo Sorce wrote: This plugin intercepts a modrdn change so that when a user is renamed the krbprincipalname is changed accordingly. The second patch activates the plugin. Simo. ack x2 rob

Re: [Freeipa-devel] [PATCH] #333 plugin to change kerberos principal name when user is renamed

2010-10-28 Thread Simo Sorce
On Wed, 27 Oct 2010 22:25:26 -0400 Rob Crittenden wrote: > Simo Sorce wrote: > > > > This plugin intercepts a modrdn change so that when a user is > > renamed the krbprincipalname is changed accordingly. > > > > The second patch activates the plugin. > > > > Simo. > > ack x2 > > rob pushed to