Learn more about these different git repos.
Other Git URLs
Currently, when we validate a TGT against the host keytab, we iterate through the keytab until we find a realm that matches the realm of the principal in the TGT. When a matching realm is found, we validate against it.
However, with cross-realm trusts, it is possible to receive a TGT for a realm not in the keytab, but that could still be validated by the keytab realm.
We need to modify the algorithm so that it will attempt to evaluate once for each realm in the keytab (skipping multiple enctypes) in case any of them work.
This proposal needs to be carefully evaluated for security exploits as well.
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.9.0 priority: major => critical rhbz: => 0 type: enhancement => defect
milestone: SSSD 1.9.0 => SSSD 1.9.0 RC1
owner: somebody => sbose proposed_priority: => Undefined
Fixed in d29a9e0
resolution: => fixed status: new => closed
Metadata Update from @sgallagh: - Issue assigned to sbose - Issue set to the milestone: SSSD 1.9.0 beta 7
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2438
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.