76d1f94 Implement user pre-authentication control with kdcpolicy plugin

3 files Authored by tengcm 4 years ago, Committed by abbra 4 years ago,
    Implement user pre-authentication control with kdcpolicy plugin
    
    We created a Kerberos kdcpolicy plugin to enforce user
    pre-authentication policy for newly added pkinit and hardened policy.
    
    In the past version of freeIPA, password enforcement exists but was done
    by removing key data for a principal while parsing LDAP entry for it.
    This hack is also removed and is now also enforced by kdcpolicy plugin
    instead.
    
    Resolves: https://pagure.io/freeipa/issue/8001
    Signed-off-by: Changmin Teng <cteng@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Simo Sorce <ssorce@redhat.com>
    Reviewed-By: Robbie Harwood <rharwood@redhat.com>
    
        
file modified
+1 -0