From bd0d85804320e840db9b5cf19a5e69b3a0804e20 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Tue, 15 May 2012 20:03:16 +0300
Subject: Add trust-related ACIs

A high-level description of the design and ACIs for trusts is available at
https://www.redhat.com/archives/freeipa-devel/2011-December/msg00224.html
and
https://www.redhat.com/archives/freeipa-devel/2011-December/msg00248.html

Ticket #1731
---
 install/tools/ipa-adtrust-install | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'install/tools')

diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
index f82d5bb82..c0b477102 100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -224,13 +224,16 @@ def main():
     print "\t\t  * 389: (C)LDAP"
     print "\t\t  * 445: microsoft-ds"
     print ""
-    print "\tAdditionally you have to make sure the FreeIPA LDAP server cannot reached"
+    print "\tAdditionally you have to make sure the FreeIPA LDAP server cannot be reached"
     print "\tby any domain controller in the Active Directory domain by closing the"
     print "\tfollowing ports for these servers:"
     print "\t\tTCP Ports:"
     print "\t\t  * 389, 636: LDAP/LDAPS"
     print "\tYou may want to choose to REJECT the network packets instead of DROPing them"
     print "\tto avoid timeouts on the AD domain controllers."
+    print ""
+    print "\tWARNING: you MUST re-kinit admin user before using 'ipa trust-*' commands family"
+    print "\tin order to re-generate Kerberos tickets to include AD-specific information"
 
     return 0
 
-- 
cgit