During gssapi authentication, the principal is hardcoded ldap/<fqdn>@<realm> that is limited. An improvement is to retrieve the principal from the keytab.
It should select the appropriate principal from the keytab.
For privilege separation access to the keytab via gssproxy would be better
RFE
No bug. deploy ipa replica/server will setup a test env
NA
Authentication with different principal than ldap/<fqdn>@<realm>
Metadata Update from @mreynolds: - Custom field component adjusted to None - Custom field origin adjusted to None - Custom field reviewstatus adjusted to None - Custom field type adjusted to None - Custom field version adjusted to None - Issue set to the milestone: 1.4.1
Metadata Update from @mreynolds: - Issue priority set to: normal - Issue set to the milestone: 1.4.4 (was: 1.4.1) - Issue tagged with: RFE
see also https://pagure.io/389-ds-base/issue/47321
Metadata Update from @mreynolds: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1859297
Issue linked to Bugzilla: Bug 1859297
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/3077
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.