kdc: Add TODO to remind us where we need to hook for RODC to get secrets

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index ee8450159b2640077b9b87ab24e7877c8718eaae..ad522843b6c2822347f77fa124c341ace859140e 100644 (file)
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -374,6 +374,7 @@ static krb5_error_code samba_kdc_message2entry_keys(krb5_context context,
        if (allocated_keys == 0) {
                if (kdc_db_ctx->rodc) {
                        /* We are on an RODC, but don't have keys for this account.  Signal this to the caller */
+                       /* TODO:  We need to call a generalised version of auth_sam_trigger_repl_secret from here */
                        return HDB_ERR_NOT_FOUND_HERE;
                }