Learn more about these different git repos.
Other Git URLs
Currently, when we validate a TGT against the host keytab, we iterate through the keytab until we find a realm that matches the realm of the principal in the TGT. When a matching realm is found, we validate against it.
However, with cross-realm trusts, it is possible to receive a TGT for a realm not in the keytab, but that could still be validated by the keytab realm.
We need to modify the algorithm so that it will attempt to evaluate once for each realm in the keytab (skipping multiple enctypes) in case any of them work.
This proposal needs to be carefully evaluated for security exploits as well.
milestone: NEEDS_TRIAGE => SSSD 1.9.0
priority: major => critical
rhbz: => 0
type: enhancement => defect
milestone: SSSD 1.9.0 => SSSD 1.9.0 RC1
owner: somebody => sbose
proposed_priority: => Undefined
Fixed in d29a9e0
resolution: => fixed
status: new => closed
Metadata Update from @sgallagh:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.9.0 beta 7
SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here:
If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
to comment on this ticket.