#7879 Support S4U2Self for x.509 authentication and new MIT Krb5 ABI
Closed: fixed 4 years ago by abbra. Opened 5 years ago by abbra.

When https://github.com/krb5/krb5/pull/887 is merged to MIT Kerberos, it will be possible to allow S4U2Self operations for clients using x.509 certificates.

To support this, MIT Kerberos bumps the KDB API. Add support for the new DAL version 7.1.


Note that this change actually comes with DAL version 8.0, which (unless something changes very soon) is what we'll have in 1.18. I'm working on a branch for DAL 8.0 support, but don't plan to do the work for s4u2self for x509 at this time. We can discuss what that looks like once the PR is up, but the problem is mostly that the burden of keeping DAL versions all the way back to 5 supported is catching up to us.

master:

  • 1c787cc Handle the removal of KRB5_KDB_FLAG_ALIAS_OK
  • ff10f3f Support DAL version 8.0
  • 93e81cf Drop support for DAL version 5.0

ipa-4-8:

  • d97cfd7 Handle the removal of KRB5_KDB_FLAG_ALIAS_OK
  • 089c47e Support DAL version 8.0
  • 1963504 Drop support for DAL version 5.0

Metadata Update from @abbra:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

4 years ago

master:

  • d92f21a Fix DAL v8 support
  • c940f96 Fix legacy S4U2Proxy in DAL v8 support

ipa-4-8:

  • 99a920c Fix DAL v8 support
  • 0806c15 Fix legacy S4U2Proxy in DAL v8 support
