Upcoming changes to upstream krb5 may result in modification requests that get passed into the IPA kdb plugin including a zero-length list of keys, which may or may not be NULL.
We need to make sure that the plugin isn't going to be tripped up by any of this, and that it correctly interprets this as a request from the caller to remove all of the keys from the principal entry (which in LDAP, I assume means removing the attribute value completely).
3.4 development was shifted for one month, moving tickets to reflect reality better.
Nathaniel, did you have a chance to check our Kerberos driver for this issue?
Adjusting time plan - 3.4 development was postponed as we focused on 3.3.x testing and stabilization.
https://www.redhat.com/archives/freeipa-devel/2013-November/msg00085.html
master:
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1108225
Metadata Update from @nalin: - Issue assigned to npmccallum - Issue set to the milestone: FreeIPA 4.0 Backlog
Login to comment on this ticket.