On (05/12/14 13:37), Sumit Bose wrote:
Hi,
with the copy_keytab patch I added a call to krb5_kt_have_content()
which is only available in MIT Kerberos 1.11 and newer. This patch adds
a wrapper call.
bye,
Sumit
From 8ff83e6f82531f177fc6b9c10d0d218ec370c5e0 Mon Sep 17 00:00:00
2001
From: Sumit Bose <sbose(a)redhat.com>
Date: Fri, 5 Dec 2014 13:23:12 +0100
Subject: [PATCH] krb5: add wrapper for krb5_kt_have_content()
krb5_kt_have_content() was introduced in MIT Kerberos 1.11. For older
platforms this patch adds sss_krb5_kt_have_content() as a wrapper.
Resolves
https://fedorahosted.org/sssd/ticket/2518
---
wrapper for older versions works fine with krb5-1.10
The implementation is almost the same as MIT implementation of
krb5_kt_have_content.
ACK
BTW
I'm not sure whether it is related to this patch, but there are failed test
for "null principal"
[domain/asasd]
//snip
krb5_use_fast = demand
krb5_fast_principal =
It was possible to authenticate with older version of sssd => *REGRESSION*
Another failed test use similar configuration
[domain/asasd]
//snip
krb5_use_fast = demand
krb5_fast_principal =
krb5_validate = true
Finally, the last failed test is regression test for ticket
https://fedorahosted.org/sssd/ticket/1288
This test failed because '/var/log/messages' does not contain '[default]'
LS