b035ac8 doc: add design document for Kerberos constrained delegation

2 files. Authored by abbra a year ago, committed by rcritten a year ago.
    doc: add design document for Kerberos constrained delegation
    
    FreeIPA Kerberos implementation already supports delegation of
    credentials, both unconstrained and constrained. Constrained delegation
    is an extension developed by Microsoft and documented in MS-SFU
    specification. MS-SFU specification also includes resource-based
    constrained delegation (RBCD) which FreeIPA did not support.
    
    Microsoft has decided to force use of RBCD for forest trust. This means
    that certain use-cases will not be possible anymore.
    
    This design document outlines approaches used by FreeIPA for constrained
    delegation implementation, including RBCD.
    
    Fixes: https://pagure.io/freeipa/issue/9354
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    
        
file modified
+1 -0
file added
+408