#3651 Add MS-PAC to host/fqdn TGT
Closed: Fixed None Opened 7 years ago by abbra.

When cross-realm trust is established, Windows allows to access Global Catalog service using Kerberos tickets from a trusted domain. These tickets must have MS-PAC in them.

Currently we generate MS-PAC only for users because we need to know SID to put to MS-PAC. We need to add MS-PAC to other principals as well but to do so we need to define default SID for them, for example, a SID per host which all principals owned by this host would be sharing.

This is part of trusted domains work for 3.3


Moving to next month bucket.

This is a 3.3 Trust effort sub-ticket - set rhbz to 0.

Metadata Update from @abbra:
- Issue assigned to sbose
- Issue set to the milestone: FreeIPA 3.3 - 2013/06

3 years ago

Login to comment on this ticket.

Metadata