c5f3216 Add Authentication Indicator Kerberos ticket policy options

9 files Authored by abbra 4 years ago, Committed by rcritten 4 years ago,
    Add Authentication Indicator Kerberos ticket policy options
    
    For the authentication indicators 'otp', 'radius', 'pkinit', and
    'hardened', allow specifying maximum ticket life and maximum renewable
    age in Kerberos ticket policy.
    
    The policy extensions are now loaded when a Kerberos principal data is
    requested by the KDC and evaluated in AS_REQ KDC policy check. If one of
    the authentication indicators mentioned above is present in the AS_REQ,
    corresponding policy is applied to the ticket.
    
    Related: https://pagure.io/freeipa/issue/8001
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
    
        
file modified
+2 -2
file modified
+9 -1
file modified
+14 -0