freeipa

Clone
Source Code
GIT

dfbdb53 cert-request: match names against principal aliases

2 files Authored by ftweedal 7 years ago, Committed by mbabinsk 7 years ago,
raw patch tree parent
2 files changed. 158 lines added. 40 lines removed.
ipaserver/plugins/cert.py
file modified
+85 -28
ipatests/test_xmlrpc/test_caacl_profile_enforcement.py
file modified
+73 -12 
    cert-request: match names against principal aliases
    
    Currently we do not check Kerberos principal aliases when validating
    a CSR.  Enhance cert-request to accept the following scenarios:
    
    - for hosts and services: CN and SAN dnsNames match a principal
      alias (realm and service name must be same as nominated principal)
    
    - for all principal types: UPN or KRB5PrincipalName othername match
      any principal alias.
    
    Fixes: https://fedorahosted.org/freeipa/ticket/6295
    Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
    Reviewed-By: Milan Kubik <mkubik@redhat.com>
file modified
+85 -28
file modified
+73 -12
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.