diff options
author | Alexander Bokovoy <abokovoy@redhat.com> | 2012-10-08 13:27:16 +0300 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-10-09 18:15:01 -0400 |
commit | 0840b588d753e468ce16f47944e8a332864e3166 (patch) | |
tree | 228edc6cfb2fbb41458d3f05500b2378abc3118d /install/updates | |
parent | 00a54b8b7f1e6e157f4b5efe7f24462685194de5 (diff) | |
download | freeipa-0840b588d753e468ce16f47944e8a332864e3166.tar.gz freeipa-0840b588d753e468ce16f47944e8a332864e3166.tar.xz freeipa-0840b588d753e468ce16f47944e8a332864e3166.zip |
Add cifs principal to S4U2Proxy targets only when running ipa-adtrust-install
Since CIFS principal is generated by ipa-adtrust-install and is only
usable after setting CIFS configuration, there is no need to include it
into default setup.
This should fix upgrades from 2.2 to 3.0 where CIFS principal does not
exist by default.
https://fedorahosted.org/freeipa/ticket/3041
Diffstat (limited to 'install/updates')
-rw-r--r-- | install/updates/60-trusts.update | 4 | ||||
-rw-r--r-- | install/updates/61-trusts-s4u2proxy.update | 9 |
2 files changed, 2 insertions, 11 deletions
diff --git a/install/updates/60-trusts.update b/install/updates/60-trusts.update index cc9a771d..bf2c58da 100644 --- a/install/updates/60-trusts.update +++ b/install/updates/60-trusts.update @@ -40,10 +40,6 @@ dn: cn=adtrust agents,cn=sysaccounts,cn=etc,$SUFFIX default: objectClass: GroupOfNames default: objectClass: top default: cn: adtrust agents -default: member: krbprincipalname=cifs/$FQDN@$REALM,cn=services,cn=accounts,$SUFFIX - -dn: cn=adtrust agents,cn=sysaccounts,cn=etc,$SUFFIX -add: member: krbprincipalname=cifs/$FQDN@$REALM,cn=services,cn=accounts,$SUFFIX dn: cn=trusts,$SUFFIX default: objectClass: top diff --git a/install/updates/61-trusts-s4u2proxy.update b/install/updates/61-trusts-s4u2proxy.update index 4a71148b..7504a068 100644 --- a/install/updates/61-trusts-s4u2proxy.update +++ b/install/updates/61-trusts-s4u2proxy.update @@ -1,12 +1,7 @@ -dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX -add: ipaAllowedTarget: 'cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX' - dn: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX default: objectClass: groupOfPrincipals default: objectClass: top default: cn: ipa-cifs-delegation-targets -default: memberPrincipal: cifs/$FQDN@$REALM - -dn: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX -add: memberPrincipal: cifs/$FQDN@$REALM +dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX +add: ipaAllowedTarget: 'cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX' |