d542a23 ipa-kdb: when applying ticket policy, do not deny PKINIT

1 file. Authored by abbra 2 months ago, committed by frenaud 2 months ago.
    ipa-kdb: when applying ticket policy, do not deny PKINIT
    
    PKINIT differs from other pre-authentication methods by the fact that it
    can be matched independently of the user authentication types via certmap
    plugin in KDC.
    
    Since PKINIT is a strong authentication method, allow its authentication
    indicator and only apply the ticket policy.
    
    Fixes: https://pagure.io/freeipa/issue/9485
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francisco Trivino <ftrivino@redhat.com>