Issue #4174: Use referrals on AS requests using Enteprise names - freeipa

freeipa

#4174 Use referrals on AS requests using Enteprise names

Closed: Duplicate None Opened 10 years ago by simo.

When enterprise names are used we may know that a particular Name belongs to a different realm we know of (for example via trusts).

In that case the DB driver can return a referral to the client to direct it to ask to a different KDC/Realm.

We should use this feature to redirect AD users of a trusted realm trying to authenticate against our KDC as this can reduce the need to set CApaths in client machines and improve interop.

simo commented 10 years ago

Note: we can probably use the same method also for TGS requests.

dpal commented 10 years ago

It seems that this ticket is a duplicate of #3559 and #3983

mkosek commented 10 years ago

Agreed - closing as duplicate to #3559.

Metadata Update from @simo:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.0 Backlog

7 years ago

Metadata

Assignee

someone

Tags

None

Blocking

None

Depending on

None

Priority

low

Milestone

FreeIPA 4.0 Backlog

None

affects_doc

None

source

None

knownissue

None

type

enhancement

blockedby

None

test_case

None

component

KDC LDAP driver

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

tester

None

changelog

None

design

None

freeipa

Source Code

#4174 Use referrals on AS requests using Enteprise names Closed: Duplicate None Opened 10 years ago by simo.

Metadata

#4174 Use referrals on AS requests using Enteprise names

Closed: Duplicate None Opened 10 years ago by simo.