#3859 enabled ipa-getkeytab to fetch existing keytab. This is authorized via allowedToPerform;read_keys attribute in the target entry containing a DN of a user/group allowed to fetch the keytab.
allowedToPerform;read_keys
Add CLI/UI to set this attribute.
server part:
master:
ipa-4-1:
Web UI:
Metadata Update from @mkosek: - Issue assigned to pvoborni - Issue set to the milestone: FreeIPA 4.1
Log in to comment on this ticket.