Issue #3651: Add MS-PAC to host/fqdn TGT - freeipa

freeipa

#3651 Add MS-PAC to host/fqdn TGT

Closed: Fixed None Opened 10 years ago by abbra.

When cross-realm trust is established, Windows allows to access Global Catalog service using Kerberos tickets from a trusted domain. These tickets must have MS-PAC in them.

Currently we generate MS-PAC only for users because we need to know SID to put to MS-PAC. We need to add MS-PAC to other principals as well but to do so we need to define default SID for them, for example, a SID per host which all principals owned by this host would be sharing.

This is part of trusted domains work for 3.3

mkosek commented 10 years ago

Rename component.

mkosek commented 10 years ago

Moving to next month bucket.

mkosek commented 10 years ago

This is a 3.3 Trust effort sub-ticket - set rhbz to 0.

abbra commented 10 years ago

Committed to master:

cf97590

8d6d845

Metadata Update from @abbra:
- Issue assigned to sbose
- Issue set to the milestone: FreeIPA 3.3 - 2013/06

7 years ago

Metadata

Assignee

sbose

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 3.3 - 2013/06

None

affects_doc

None

source

None

knownissue

None

type

task

blockedby

None

test_case

None

component

KDC LDAP driver

blocking

#3567

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

tester

None

changelog

None

design

None

freeipa

Source Code

#3651 Add MS-PAC to host/fqdn TGT Closed: Fixed None Opened 10 years ago by abbra.

Metadata

#3651 Add MS-PAC to host/fqdn TGT

Closed: Fixed None Opened 10 years ago by abbra.