More forest trust related patches

Stefan (metze) Metzmacher metze at samba.org
Sun Apr 12 13:38:14 MDT 2015


Hi,

I moved a lot more stuff to the -ok branch (Note I also changed/fixed some
of the dsdb_trust_* helper functions compared to the last patchset!)

It passed autobuild a few times and it's ready for master from my side.

Note that samba-tool domain trust create needs to generate a true
utf8 based password if --no-aes-keys is given, this is required
because our kerberos client code can't handle random utf16munged passwords
for arcfour-hmac-md5 pre-auth yet.

However there're a few TODOs in the remaining patches.
It's mainly related to bug #11130, where we should allow
COMPUTERNAME@REALM and map it to COMPUTERNAME$@REALM.
The same applies also for trust accounts (I guess it's just based on the '$').
It's allowed as a client and also as a service principal.
I added some tests for it and hacked a mostly working (but ugly) implementation,
Andrew maybe you can work out a better fix :-)

Note that winbindd uses MYDOMAIN@OTHERREALM for kinit and generates some
warnings without the fix for bug #11130, but it still works fine.

Please review and push the -ok patches.

Thanks!
metze

Am 09.04.2015 um 00:07 schrieb Stefan (metze) Metzmacher:
> Hi,
> 
> here're some more patches ready in my master4-forest-ok branch.
> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-forest-ok
> 
> There's more in the master4-forest-tmp, but I need to finish some of the
> commits...
> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-forest-tmp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: master4-forest-ok.diff.txt.gz
Type: application/gzip
Size: 67685 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150412/847cd427/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: master4-forest-tmp.diff.txt.gz
Type: application/gzip
Size: 4782 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150412/847cd427/attachment-0001.bin>