This prevents from setting per principal ticket flags for computer objects (note that service objects have the objectclass).
Using kadmin.local trying to set a specific flag on host/fqdn@REALM entries returns an error.
I think we should intercept writes to host objects in ipadb.so and add the objectlass if someone tries to add a ticket flag too. This will fix existing objects while framework changes will fix future new objects in an existing install.
untested patch to resolve the issue 0001-Add-krbticketPolicyAux-objectclass-if-needed.patch
Would the attached patch be sufficient ?
Adjusting time plan - 3.4 development was postponed as we focused on 3.3.x testing and stabilization.
master: a1165ff
Metadata Update from @simo: - Issue assigned to jcholast - Issue set to the milestone: FreeIPA 4.0 - 2013/12
Login to comment on this ticket.