freeipa

Clone
Source Code
GIT

c19196a kerberos session: use CA cert with full cert chain for obtaining cookie

1 file Authored by pvoborni 6 years ago, Committed by mbasti 6 years ago,
raw patch tree parent
1 file changed. 2 lines added. 1 lines removed.
ipaserver/rpcserver.py
file modified
+2 -1 
    kerberos session: use CA cert with full cert chain for obtaining cookie
    
    Http request performed in finalize_kerberos_acquisition doesn't use
    CA certificate/certificate store with full certificate chain of IPA server.
    So it might happen that in case that IPA is installed with externally signed
    CA certificate, the call can fail because of certificate validation
    and e.g. prevent session acquisition.
    
    If it will fail for sure is not known - the use case was not discovered,
    but it is faster and safer to fix preemptively.
    
    https://pagure.io/freeipa/issue/6876
    
    Reviewed-By: Martin Basti <mbasti@redhat.com>
file modified
+2 -1
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.