When https://github.com/krb5/krb5/pull/887 is merged to MIT Kerberos, it will be possible to allow S4U2Self operations for clients using x.509 certificates.
To support this, MIT Kerberos bumps KDB API. Add support for new DAL version 7.1.
Note that this change actually comes with DAL version 8.0 which (unless something changes very soon) is what we'll have in 1.18. I'm working on a branch for DAL 8.0 support, but don't plan to do the work for s4u2self for x509 at this time. We can discuss what that looks like once the PR is up, but the problem is mostly the burden of keeping DAL version all the way back to 5 supported is catching up to us.
master:
ipa-4-8:
Metadata Update from @abbra: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.