Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1375107
Description of problem: Introduce different Kerberos ticket lifetimes depending on authentication method (password/2FA/PKINIT). The goal here is that 2FA is used to secure more critical systems so not only should getting in be harder (require 2FA) but ticket lifetime should be shorter. The Authentication Indicator feature introduced in RHEL 7.3 (Bug 1224057) may be leveraged for this policy.
Metadata Update from @pvoborni: - Issue assigned to someone - Issue set to the milestone: Future Releases
Fixed by https://pagure.io/freeipa/c/c5f32165d6105a48d9de85a8d29925b58beb9f91
@carbenium thanks for the heads-up.
Closing this ticket as a duplicate of #8001 Need default authentication indicators for SPAKE, PKINIT and encrypted challenge preauth
Metadata Update from @frenaud: - Issue close_status updated to: duplicate - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.