When DS started supporting client side krb5 authentication for outgoing connection, it used direct krb5 calls. This calls should be deprecated and rather use gssapi api.
The current code is working but is fragile and difficult to support. The move to gssapi should also improve performance for example allowing parallel auth (see bz 1633089)
since 1.2 , all platform
There is no bug. The easiest way to reproduce the environment is to install freeipa master/replica. The RA will use gssapi authentication between the replicas.
NA
Cleanup will impact ldaputil.c (but likely others). More specifically all the code in set_krb5_cred should be changed with gssapi call (like gss_acquire_cred_from,...)
Metadata Update from @tbordaz: - Custom field component adjusted to None - Custom field origin adjusted to None - Custom field reviewstatus adjusted to None - Custom field type adjusted to None - Custom field version adjusted to None
Metadata Update from @mreynolds: - Issue set to the milestone: 1.4.1
Metadata Update from @mreynolds: - Issue set to the milestone: 1.4.4 (was: 1.4.1) - Issue tagged with: RFE
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/3076
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.