Issue #1731: Protect trust password - freeipa

freeipa

#1731 Protect trust password

Closed: Fixed None Opened 12 years ago by sbose.

Since the trust password is needed to access resources on the other domain is it basically stored in plain text. It should be protected by ACIs and maybe even encrypted if some safe key material is available.

sbose commented 12 years ago

An ACI on ipaNTTrustAuthOutgoing and ipaNTTrustAuthIncoming so that only the samba user can read and write them should be sufficient.

sbose commented 12 years ago

Is handled as part of the major enhancements in #2189.

abbra commented 12 years ago

Done, will be submitted together with 1821.

abbra commented 12 years ago

https://www.redhat.com/archives/freeipa-devel/2012-April/msg00019.html

sbose commented 11 years ago

Waiting for MIT Kerberos support in samba to have principal to whom the ACIs can be assigned.

abbra commented 11 years ago

Done

master: bd0d858

Metadata Update from @sbose:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 3.0 Trust Effort - 2012/05

7 years ago

Metadata

Assignee

abbra

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 3.0 Trust Effort - 2012/05

None

affects_doc

None

source

None

knownissue

None

type

enhancement

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

tester

None

changelog

None

design

None

freeipa

Source Code

#1731 Protect trust password Closed: Fixed None Opened 12 years ago by sbose.

Metadata

#1731 Protect trust password

Closed: Fixed None Opened 12 years ago by sbose.