freeipa

Clone
Source Code
GIT

e4a611a Allow hosts to read DNS records for IP SAN

Authored and Committed by cheimes 3 years ago
raw patch tree parent
3 files changed. 50 lines added. 5 lines removed.
install/share/dns.ldif
file modified
+1 -0
install/updates/40-dns.update
file modified
+1 -1
ipatests/test_integration/test_cert.py
file modified
+48 -4 
    Allow hosts to read DNS records for IP SAN
    
    For SAN IPAddress extension the cert plugin verifies that the IP address
    matches the host entry. Certmonger uses the host principal to
    authenticate and retrieve certificates. But the host principal did not
    have permission to read DNS entries from LDAP.
    
    Allow all hosts to read some entries from active DNS records.
    
    Fixes: https://pagure.io/freeipa/issue/8098
    Signed-off-by: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
file modified
+1 -0
file modified
+1 -1
file modified
+48 -4
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.