summaryrefslogtreecommitdiffstats
path: root/ipaserver
diff options
context:
space:
mode:
authorAlexander Bokovoy <abokovoy@redhat.com>2015-08-20 15:12:42 +0300
committerJan Cholasta <jcholast@redhat.com>2015-08-24 12:29:33 +0200
commite13a5ed26e96436d4a7ebb2329f7f9666581008d (patch)
treef33a9b6f913b49ee1dc58082d700183de95d87a7 /ipaserver
parent6b8623848e46dec074cd2894c9fbcd0eb47d3247 (diff)
downloadfreeipa-e13a5ed26e96436d4a7ebb2329f7f9666581008d.tar.gz
freeipa-e13a5ed26e96436d4a7ebb2329f7f9666581008d.tar.xz
freeipa-e13a5ed26e96436d4a7ebb2329f7f9666581008d.zip
trusts: format Kerberos principal properly when fetching trust topology
For bidirectional trust if we have AD administrator credentials, we should be using them with Kerberos authentication. If we don't have AD administrator credentials, we should be using HTTP/ipa.master@IPA.REALM credentials. This means we should ask formatting 'creds' object in Kerberos style. For one-way trust we'll be fetching trust topology as TDO object, authenticating with pre-created Kerberos credentials cache, so in all cases we do use Kerberos authentication to talk to Active Directory domain controllers over cross-forest trust link. Part of trust refactoring series. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1250190 Fixes: https://fedorahosted.org/freeipa/ticket/5182 Reviewed-By: Tomas Babej <tbabej@redhat.com>
Diffstat (limited to 'ipaserver')
0 files changed, 0 insertions, 0 deletions
generated by cgit (git 2.34.1) at 2024-06-08 18:57:24 +0000