#46 Support anonymous PKINIT in case of the SSSD connecting with FAST
Closed: Duplicate None Opened 13 years ago by dpal.

This would require creating a server cert during the install.


Can you provide more details on the requirements?

We already issue a server certificate when a host is enrolled. It is installed into /etc/pki/nssdb with the nickname Server-Cert. It is managed by certmonger.

Sumit will provide the writeup of the whole feature. See also ticket https://fedorahosted.org/sssd/ticket/237

The idea is that we should use FAST both for the user authentication and host authentication. For the user authentication the host TGT is used to establish the channel.
For the host authentication the anonymous PKINIT should be used to create a TGT to establish the FAST channel. The anonymous PKINIT requires a cert. It might all just work out of the box. But we need to make sure it does.

Very cool feature. A lot of value but can be deferred...

This is actually a duplicate of #55

Metadata Update from @dpal:
- Issue assigned to simo
- Issue set to the milestone: Tickets Deferred

7 years ago
