freeipa

Clone
Source Code
GIT

a5d2857 Add checks to prevent adding auth indicators to internal IPA services

3 files Authored by antorres 2 years ago, Committed by frenaud 2 years ago,
raw patch tree parent
3 files changed. 41 lines added. 1 lines removed.
ipaserver/install/server/replicainstall.py
file modified
+13 -0
ipaserver/plugins/host.py
file modified
+4 -1
ipaserver/plugins/service.py
file modified
+24 -0 
    Add checks to prevent adding auth indicators to internal IPA services
    
    Authentication indicators should not be enforced against internal
    IPA services, since not all users of those services are able to produce
    Kerberos tickets with all the auth indicator options. This includes
    host, ldap, HTTP and cifs in IPA server and cifs in IPA clients.
    If a client that is being promoted to replica has an auth indicator
    in its host principal then the promotion is aborted.
    
    Fixes: https://pagure.io/freeipa/issue/8206
    Signed-off-by: Antonio Torres <antorres@redhat.com>
file modified
+13 -0
file modified
+4 -1
file modified
+24 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.