#5251 The "Standard Vault" MUST not be the default and must be discouraged
Closed: Fixed None Opened 8 years ago by simo.

The current default for vaults is the standard vault.

The standard vault is a vault that can be accessed by anyone that has access to the KRA key and is accessible by the framework directly.

The "standard vault" is therefore not a good default as any admin can access it.

Users must take an actual explicit step to choose such a vault and they must be prominently warned that IPA administrators can access secrets stored in such a vault at any time.

The default vault should probably be the "symmetric vault".


master:

  • 19dd2ed vault: change default vault type to symmetric

ipa-4-2:

  • e247bab vault: change default vault type to symmetric

master:

  • 9b0a019 vault: fix vault tests after default type change

ipa-4-2:

  • 91de475 vault: fix vault tests after default type change

Metadata Update from @simo:
- Issue assigned to pvoborni
- Issue set to the milestone: FreeIPA 4.2.1

7 years ago
