#5012 When users log in, acquire Service Tickets and throw away TGT
Opened 8 years ago by simo. Modified 7 years ago

In order to improve the security of the framework, upon password-based logins we should immediately acquire tickets for the services we can contact (LDAP and in future dogtag) and then immediately drop the TGT. This way, if a server HTTP frontend gets compromised, only those tickets can be accessed and not a full-blown TGT.


Metadata Update from @simo:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5 backlog

7 years ago
