diff options
| author | Martin Kosek <mkosek@redhat.com> | 2012-05-02 15:36:04 +0200 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2012-05-01 20:38:43 -0400 |
| commit | b8f30bce77837966597f5508625742c1bae04080 (patch) | |
| tree | 473887cdc82bdd929443bc394103189f4e8cf05e /ipalib/plugins/baseldap.py | |
| parent | 6569f355b61d4c0d55ca9ee2c5f36787cce73593 (diff) | |
| download | freeipa.git-b8f30bce77837966597f5508625742c1bae04080.tar.gz freeipa.git-b8f30bce77837966597f5508625742c1bae04080.tar.xz freeipa.git-b8f30bce77837966597f5508625742c1bae04080.zip | |
Make ipa 2.2 client capable of joining an older server
IPA server of version 2.2 and higher supports Kerberos S4U2Proxy
delegation, i.e. ipa command no longer forwards Kerberos TGT to the
server during authentication. However, when IPA client of version
2.2 and higher tries to join an older IPA server, the installer
crashes because the pre-2.2 server expects the TGT to be forwarded.
This patch adds a fallback to ipa-client-install which would detect
this situation and tries connecting with TGT forwarding enabled
again. User is informed about this incompatibility.
Missing realm was also added to keytab kinit as it was reported to
fix occasional install issues.
https://fedorahosted.org/freeipa/ticket/2697
Diffstat (limited to 'ipalib/plugins/baseldap.py')
0 files changed, 0 insertions, 0 deletions