#5413 [RFE] Allow users to authenticate with alternative names
Closed: Fixed None Opened 5 years ago by dpal.

Users sometimes prefer to use emails or other alises when they authenticate. In some environments it is a requirement to be able to authenticate with an email address.

We already have a ticket to allow aliases for hosts and services #1365. This ticket calls for the similar functionality but for users.

The plumbing work described in #3864 should be in place first for proper aliases support.


  • de6abc7 ipapython module for Kerberos principal manipulation and parsing
  • e6fc8f8 Test suite for ipapython/kerberos.py
  • 974eb7b ipalib: introduce Principal parameter
  • c2af032 Migrate management framework plugins to use Principal parameter
  • d151748 Add ACI for admins to modify principal attributes
  • 7e803aa replace an ACI relying on presence of deprecated objectclass
  • 750a392 Allow for commands that use positional parameters to add/remove attributes
  • a28d312 Make framework consider krbcanonicalname as service primary key
  • e6ff83e Provide API for management of host, service, and user principal aliases
  • acf2234 Unify display of principal names/aliases across entities

Metadata Update from @dpal:
- Issue assigned to mbabinsk
- Issue set to the milestone: FreeIPA 4.4

4 years ago

Login to comment on this ticket.