Issue #5782: ipa-kdb support for krbPrincipalAuthInd - freeipa - Pagure.io

freeipa

#5782 ipa-kdb support for krbPrincipalAuthInd

Closed: Fixed None Opened 8 years ago by mrogers.

The MIT Kerberos LDAP KDB plugin stores the require_auth authentication indicator string in a krbPrincipalAuthInd attribute, taking preference over require_auth entries already stored in krbExtraData.
https://github.com/krb5/krb5/commit/0bdd3b8058ed4ec9acc050e316bea86f6830b15f

This same behavior needs to happen for the ipa-kdb plugin as well, per
http://www.freeipa.org/page/V4/Authentication_Indicators#Verify_Authentication_Indicators_During_Ticket_Issuance_.28TGSReq.29

This enhancement would be a dependency for https://fedorahosted.org/freeipa/ticket/433

pvoborni commented 8 years ago

Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1224057 (Red Hat Enterprise Linux 7)

pvoborni commented 7 years ago

Matt sent a patch for this ticket, updating the ticket accordingly.

https://www.redhat.com/archives/freeipa-devel/2016-April/msg00063.html

mbasti commented 7 years ago

master:

8a2afca ipa_kdb: add krbPrincipalAuthInd handling

Metadata Update from @mrogers:
- Issue assigned to mrogers
- Issue set to the milestone: FreeIPA 4.4

7 years ago

Login to comment on this ticket.

Metadata

Assignee

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 4.4

cc

None

affects_doc

None

source

None

knownissue

None

type

enhancement

blockedby

None

test_case

http://www.freeipa.org/page/V4/Authentication_Indicators/Test_Plan

component

IPA

blocking

#433

on_review

1

keywords

None

test_coverage

wanted

reviewer

sbose npmcallum

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1224057

tester

None

changelog

None

design

None

Powered by Pagure 5.13.3

Documentation • File an Issue • About • SSH Hostkey/Fingerprint

© Red Hat, Inc. and others.