freeipa

Clone
Source Code
GIT

6d70421 ipa-kdb: do not remove keys for hardened auth-enabled users

1 file Authored by jrische 2 years ago, Committed by frenaud 2 years ago,
raw patch tree parent
1 file changed. 12 lines added. 11 lines removed.
daemons/ipa-kdb/ipa_kdb_principals.c
file modified
+12 -11 
    ipa-kdb: do not remove keys for hardened auth-enabled users
    
    Since 5d51ae5, principal keys were dropped in case user auth indicator
    was not including password. Thereafter, the key removal behavior was
    removed by 15ff9c8 in the context of the kdcpolicy plugin introduction.
    Support for hardened pre-auth methods (FAST and SPAKE) was added in
    d057040, and the removal of principal keys was restored afterwards by
    f0d12b7, but not taking the new hardened auth indicator into account.
    
    Fixes: https://pagure.io/freeipa/issue/9065
    Related to: https://pagure.io/freeipa/issue/8001
    
    Signed-off-by: Julien Rische <jrische@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
file modified
+12 -11
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.