mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
9b3819ea94
When external trust is established, it is by definition is non-transitive: it is not possible to obtain Kerberos tickets to any service outside the trusted domain. Reflect this reality by only accepting UPN suffixes from the external trust -- since the trusted domain is a part of another forest and UPN suffixes are forest-wide, there could be user accounts in the trusted domain that use forest-wide UPN suffix but it will be impossible to reach the forest root via the externally trusted domain. Also, an argument to netr_DsRGetForestTrustInformation() has to be either forest root domain name or None (NULL). Otherwise we'll get an error as explained in MS-NRPC 3.5.4.7.5. https://fedorahosted.org/freeipa/ticket/6021 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> |
||
---|---|---|
.. | ||
advise | ||
install | ||
plugins | ||
__init__.py | ||
dcerpc.py | ||
dns_data_management.py | ||
rpcserver.py | ||
servroles.py | ||
session.py | ||
topology.py |