Issue #2849: Validate logon_domain while resigning the PAC - freeipa

freeipa

#2849 Validate logon_domain while resigning the PAC

Closed: Fixed None Opened 11 years ago by sbose.

The logon_domain in the PAC should be validated against the realm of the principal that owns the PAC. Otherwise technically one trust domain
could try to attack another by giving us a same named user and injecting
a domain name of a different trusted domain.

simo commented 11 years ago

Comitted:
c58836f

mkosek commented 10 years ago

Rename component.

Metadata Update from @sbose:
- Issue assigned to simo
- Issue set to the milestone: FreeIPA 3.0 Beta 2

7 years ago

Metadata

Assignee

simo

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 3.0 Beta 2

None

affects_doc

None

source

None

knownissue

None

type

enhancement

blockedby

None

test_case

None

component

KDC LDAP driver

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

tester

None

changelog

None

design

None

freeipa

Source Code

#2849 Validate logon_domain while resigning the PAC Closed: Fixed None Opened 11 years ago by sbose.

Metadata

#2849 Validate logon_domain while resigning the PAC

Closed: Fixed None Opened 11 years ago by sbose.