#3559 Client referrals for enterprise principals from other realms are not generated
Closed: Fixed None Opened 6 years ago by sbose.

According to RFC6806 a KDC can return a client referral if it cannot handle an enterprise principal itself but knows a KDC which might be able to handle it. For IPA this might be the case in an environment with trusts.

If the IPA KDC receives an AS-REQ with an enterprise principal from a trusted realm it should return a client referral.

Merge KDC LDAP components to one.

This feature may be required/useful for the cases when FreeIPA user logs in to AD - i.e. related to #3125.

We reviewed this ticket together with Dmitri and Simo and decided to postpone it as we do not have enough resources to finish it within 4.0 time frame.

No time to finish before 4.2 GA, moving to later release.

I talked to Alexander, we decided to treat this one as a bug, rather than enhancement.

FreeIPA 4.2.1 was released, moving to 4.2.2.


  • 766438a client referral support for trusted domain principals


  • 47a8d4f client referral support for trusted domain principals

Metadata Update from @sbose:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 4.2.2

2 years ago

Login to comment on this ticket.