#4592 Need support for kerberos-optional URLs
Opened 9 years ago by npmccallum. Modified 7 years ago

The current FreeIPA core dispatch code requires that URLs be either Kerberos authenticated or not authenticated at all. However, for token syncing, we need both.

For this case:
1. if Kerberos authentication has succeeded, no further information is required.
2. if Kerberos authentication failed, the user should be denied.
3. if Kerberos authentication is absent, additional parameters are required.

This will require a large refactoring of the HTTP dispatch code.


pvoborni and npmccallum discussed the design and found other ways to fix it, without this refactoring.

Until there is another real use case, we do not plan on addressing it.

Metadata Update from @npmccallum:
- Issue assigned to someone
- Issue set to the milestone: Tickets Deferred

7 years ago
