#618 Create krb5 access provider
Closed: Fixed None Opened 10 years ago by sgallagh.

Currently, we behave differently from pam_krb5.so during the pam_account phase. When pam_account calls into SSSD, we should have a kerberos access provider that invokes krb5_kuserok() with the user's principal.

This way, if the local system provides a .k5login file that would restrict access from this user, they are appropriately denied.

This should probably happen only when dealing with remote users, not those on the local console.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.5.0

Fields changed

owner: somebody => sbose

Fixed by:
- 1e29e68
- 0bbe206
- fab9c6a
- c3593ef
- b872330
- e7a4ea9

fixedin: => 1.5.0
resolution: => fixed
status: new => closed

Fields changed

rhbz: => 0

Metadata Update from @sgallagh:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.5.0

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1660

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.