Issue #6343: [RFE] Allow login to WebUI using Kerberos aliases/enterprise principals - freeipa

freeipa

#6343 [RFE] Allow login to WebUI using Kerberos aliases/enterprise principals

Closed: fixed 8 years ago Opened 8 years ago by mbabinsk.

The code that handles password login into FreeIPA WebUI currently does not support logging in using Kerberos principal aliases, enterprise principals or trusted users.

To achieve this, the logic of the login_password handler class in ipaserver/rpcserver.py has to be altered to do only basic syntactic validation of incoming usernames, treat them as enterprise principals, and letting our KDC to sort them out since it now can handle all of these scenarios properly.

This infrastructure change is required to allow trusted AD user self-service using Web interface.

Metadata Update from @mbabinsk:
- Issue assigned to mbabinsk
- Issue set to the milestone: FreeIPA 4.5

8 years ago

dkupka commented 8 years ago

master:

f8d7e37 Allow login to WebUI using Kerberos aliases/enterprise principals

Metadata Update from @dkupka:
- Issue close_status updated to: None

8 years ago

Metadata Update from @dkupka:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

8 years ago

Metadata

Assignee

mbabinsk

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 4.5

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

#3242

on_review

None

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

tester

None

changelog

None

design

None

rhbz

todo

freeipa

Source Code

#6343 [RFE] Allow login to WebUI using Kerberos aliases/enterprise principals Closed: fixed 8 years ago Opened 8 years ago by mbabinsk.

Metadata

#6343 [RFE] Allow login to WebUI using Kerberos aliases/enterprise principals

Closed: fixed 8 years ago Opened 8 years ago by mbabinsk.