f78dc0b kdb: implement RBCD handling in KDB driver

4 files. Authored by abbra a year ago, committed by rcritten a year ago.
    kdb: implement RBCD handling in KDB driver
    
    Resource-based constrained delegation (RBCD) is implemented with a new
    callback used by the KDC. This callback is called when a server asks for
    an S4U2Proxy TGS request and passes a ticket that contains RBCD PAC
    options.
    
    The callback is supposed to take client and server principals, a PAC
    and a target service database entry. Using the target service database
    entry it then needs to decide whether a server principal is allowed to
    delegate the client credentials to the target service.
    
    The callback can also cross-check whether the client principal can be
    limited in delegating its own tickets, but this is not implemented in
    the current version.
    
    Fixes: https://pagure.io/freeipa/issue/9354
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    
        
file modified
+1 -1
file modified
+16 -0