Currently DAL driver prevents users from using Kerberos-FreeIPA trusts and errors our with "KDC policy rejects request" message.
The check is too restrictive and should be removed.
The check should merely be relaxed so that file based configuration can also be used.
Patch sent for review: https://www.redhat.com/archives/freeipa-devel/2015-January/msg00232.html
Metadata Update from @pspacek:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 4.1.3
to comment on this ticket.
KDC LDAP driver
Copyright © 2014-2018 Red Hat
4.0.4 — Documentation