freeipa

Clone
Source Code
GIT

e1dad72 Add new authentication indicators in kdc.conf.template

1 file Authored by tengcm 4 years ago, Committed by abbra 4 years ago,
raw patch tree parent
1 file changed. 3 lines added. 0 lines removed.
install/share/kdc.conf.template
file modified
+3 -0 
    Add new authentication indicators in kdc.conf.template
    
    As of release 1.17, KDC can be configured to apply authentication
    indicator for SPAKE, PKINIT, and encrypted challenge preauth via
    FAST channel, which are not configured in current version of freeIPA.
    
    Note that even though the value of encrypted_challenge_indicator is
    attached only when encrypted challenge preauth is performed along
    a FAST channel, it's possible to perform FAST without encrypted
    challenge by using SPAKE. Since there is no reason to force clients
    not to use SPAKE while using FAST, we made a design choice to merge
    SPAKE and FAST in a new option called "Hardened Password", which
    requires user to use at least one of SPAKE or FAST channel. Hence
    same value attaching to both spake_preauth_indicator and
    encrypted_challenge_indicator.
    
    Resolves: https://pagure.io/freeipa/issue/8001
    Signed-off-by: Changmin Teng <cteng@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Simo Sorce <ssorce@redhat.com>
    Reviewed-By: Robbie Harwood <rharwood@redhat.com>
file modified
+3 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.