This requirement has several parts:
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1200767
The current development status of this feature was discussed and it's scope will be limited for the first release. SC authentication will be LDAP-based (details in https://bugzilla.redhat.com/show_bug.cgi?id=854396#c6).
Kerberos authentication or automatic retrieval of user TGT after authentication (pkinit) will be postponed, given the functionality currently requires special certificate extension (id-pkinit-san) in order to properly map certificates and (user) principals. This is not guaranteed with the primary supported cards (CAC), so we would first need to work on extending our Kerberos backend to provide the mapping ourselves.
Metadata Update from @mkosek: - Issue assigned to someone - Issue set to the milestone: FreeIPA 4.5
Metadata Update from @pvoborni: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/575 (was: 0) - Issue assigned to sbose (was: someone) - Issue close_status updated to: None
Metadata Update from @mbasti: - Issue set to the milestone: FreeIPA 4.5.1 (was: FreeIPA 4.5)
master:
c415604 IPA certauth plugin ipa-4-5:
cfaaf4e ipa-kdb: add ipadb_fetch_principals_with_extra_filter()
ipa-4-5:
@mbabinsk can we close this ticket as fixed?
Metadata Update from @mbasti: - Issue set to the milestone: FreeIPA 4.5.2 (was: FreeIPA 4.5.1)
FreeIPA 4.5.1 has been released, moving to FreeIPA 4.5.2 milestone
Metadata Update from @tkrizek: - Issue set to the milestone: FreeIPA 4.5.3 (was: FreeIPA 4.5.2)
Metadata Update from @tkrizek: - Issue set to the milestone: FreeIPA 4.5.4 (was: FreeIPA 4.5.3)
Metadata Update from @tkrizek: - Issue set to the milestone: FreeIPA 4.5.5 (was: FreeIPA 4.5.4)
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.