freeipa

Clone
Source Code
GIT

14ff82f Add Authentication Indicator Kerberos ticket policy options

9 files Authored by abbra 4 years ago, Committed by frenaud 4 years ago,
raw patch tree parent
9 files changed. 235 lines added. 21 lines removed.
ACI.txt
file modified
+2 -2
API.txt
file modified
+9 -1
daemons/ipa-kdb/ipa_kdb.h
file modified
+14 -0
daemons/ipa-kdb/ipa_kdb_kdcpolicy.c
file modified
+17 -4
daemons/ipa-kdb/ipa_kdb_principals.c
file modified
+68 -0
doc/designs/krb-ticket-policy.md
file modified
+15 -10
install/share/60kerberos.ldif
file modified
+5 -1
ipaserver/plugins/krbtpolicy.py
file modified
+91 -3
ipatests/test_xmlrpc/test_krbtpolicy.py
file modified
+14 -0 
    Add Authentication Indicator Kerberos ticket policy options
    
    For the authentication indicators 'otp', 'radius', 'pkinit', and
    'hardened', allow specifying maximum ticket life and maximum renewable
    age in Kerberos ticket policy.
    
    The policy extensions are now loaded when a Kerberos principal data is
    requested by the KDC and evaluated in AS_REQ KDC policy check. If one of
    the authentication indicators mentioned above is present in the AS_REQ,
    corresponding policy is applied to the ticket.
    
    Related: https://pagure.io/freeipa/issue/8001
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
file modified
+2 -2
file modified
+9 -1
file modified
+14 -0
file modified
+17 -4
file modified
+68 -0
file modified
+15 -10
file modified
+5 -1
file modified
+91 -3
file modified
+14 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.