8ede637 ipa-kdb: Handle parent-child relationship for subdomains

2 files. Authored by abbra 10 years ago, committed by mkosek 10 years ago.
    ipa-kdb: Handle parent-child relationship for subdomains
    
    When MS-PAC information is re-initialized, record also parent-child
    relationship between trust root level domain and its subdomains.
    
    Use parent incoming SID black list to check if child domain is not
    allowed to access IPA realm.
    
    We also should really use 'cn' of the entry as domain name.
    ipaNTTrustPartner has different meaning on wire, it is an index
    pointing to the parent domain of the domain and will be 0 for top
    level domains or disjoint subdomains of the trust.
    
    Finally, trustdomain-enable and trustdomain-disable commands should
    force MS-PAC cache re-initialization in case of black list change.
    Trigger that by asking for cross-realm TGT for HTTP service.
    
        
file modified
+99 -10
file modified
+6 -0