#5485 Add option to disable setkeytab extended operation
Opened 3 years ago by simo. Modified 2 years ago

The setkeytab extended operation has been superseeded by the getkeytab extended operation.

Add an option to allow disabling it, but set the current default to allow it, as this old method is still needed for older clients.

We just need the plumbing in place so that in future, we can flip the default to off and then "old" servers will understand it and turn this feature off too.


The ability to disable setkeytab for just users will also allow a staged approach, uses do not generally need to get keytabs.

The proposal is to have 2 options:

  • DisableSetKeytab: a Master switch that kills the interface completely
  • DisableUserSetKeyab: Disables setkeytab but only for user accounts.

New defaults would be: DisableSetKeytab is not set, while DisableUserSetKeytab is set.

Metadata Update from @simo:
- Issue assigned to simo
- Issue set to the milestone: FreeIPA 4.5 backlog

2 years ago

Login to comment on this ticket.

Metadata