Learn more about these different git repos.
Other Git URLs
Currently, when we validate a TGT against the host keytab, we iterate through the keytab until we find a realm that matches the realm of the principal in the TGT. When a matching realm is found, we validate against it.
However, with cross-realm trusts, it is possible to receive a TGT for a realm not in the keytab, but that could still be validated by the keytab realm.
We need to modify the algorithm so that it will attempt to evaluate once for each realm in the keytab (skipping multiple enctypes) in case any of them work.
This proposal needs to be carefully evaluated for security exploits as well.
milestone: NEEDS_TRIAGE => SSSD 1.9.0
priority: major => critical
rhbz: => 0
type: enhancement => defect
milestone: SSSD 1.9.0 => SSSD 1.9.0 RC1
owner: somebody => sbose
proposed_priority: => Undefined
Fixed in d29a9e0
resolution: => fixed
status: new => closed
Metadata Update from @sgallagh:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.9.0 beta 7
to comment on this ticket.