freeipa

Clone
Source Code
GIT

#6351 [RFE] Configurable Kerberos ticket lifetime based on authentication method
Closed: duplicate 3 years ago by frenaud. Opened 7 years ago by pvoborni.

Closed: duplicate
Reopen Issue

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1375107

Description of problem:

Introduce different Kerberos ticket lifetimes depending on authentication
method (password/2FA/PKINIT). The goal here is that 2FA is used to secure more
critical systems so not only should getting in be harder (require 2FA) but
ticket lifetime should be shorter.

The Authentication Indicator feature introduced in RHEL 7.3 (Bug 1224057) may
be leveraged for this policy.

Metadata Update from @pvoborni:
- Issue assigned to someone
- Issue set to the milestone: Future Releases
7 years ago

@carbenium thanks for the heads-up.

Closing this ticket as a duplicate of #8001 Need default authentication indicators for SPAKE, PKINIT and encrypted challenge preauth

Metadata Update from @frenaud:
- Issue close_status updated to: duplicate
- Issue status updated to: Closed (was: Open)
3 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
enhancement
None
None
IPA
None
None
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=1375107
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.