Issue #8001: Need default authentication indicators for SPAKE, PKINIT and encrypted challenge preauth - freeipa

freeipa

#8001 Need default authentication indicators for SPAKE, PKINIT and encrypted challenge preauth

Closed: fixed 3 years ago by abbra. Opened 4 years ago by tengcm.

As of release 1.17, KDC can be configured to apply authentication indicator for SPAKE, PKINIT, and encrypted challenge preauth, which is not configured in current freeIPA.

fcami commented 4 years ago

For the record SPAKE is documented at https://web.mit.edu/kerberos/krb5-latest/doc/admin/spake.html

abbra commented 3 years ago

master:

9c0a35f Add new authentication indicators in kdc.conf.template
d057040 Extend the list of supported pre-auth mechanisms in IPA server API
c7b938a Enable krb5 snippet updates on client update
39e3704 Move certauth configuration into a server krb5.conf template
179c8f4 Add a skeleton kdcpolicy plugin
15ff9c8 Implement user pre-authentication control with kdcpolicy plugin
b66e8a1 Modify webUI to adhere to new IPA server API
952dd2a Add design document

abbra commented 3 years ago

ipa-4-8:

e1dad72 Add new authentication indicators in kdc.conf.template
67467f4 Extend the list of supported pre-auth mechanisms in IPA server API
b2e540c Enable krb5 snippet updates on client update
80be759 Move certauth configuration into a server krb5.conf template
3a8980f Add a skeleton kdcpolicy plugin
76d1f94 Implement user pre-authentication control with kdcpolicy plugin
3e42d74 Modify webUI to adhere to new IPA server API
027e30d Add design document

Metadata Update from @abbra:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

3 years ago

rcritten commented 3 years ago

master:

9db6f65 Allow presence of LDAP attribute options
c5f3216 Add Authentication Indicator Kerberos ticket policy options
c02cc93 Add integration test for Kerberos ticket policy

cheimes commented 3 years ago

master:

094cf62 Nightly definition: use right template for krbtpolicy

frenaud commented 3 years ago

ipa-4-8:

4dbd689 Allow presence of LDAP attribute options
14ff82f Add Authentication Indicator Kerberos ticket policy options
bc007ec Add integration test for Kerberos ticket policy

frenaud commented 3 years ago

ipa-4-8:

04cfaa1 Nightly definition: use right template for krbtpolicy

abbra commented 3 years ago

master:

f0d12b7 ipa-kdb: Remove keys if password auth is disabled

cheimes commented 3 years ago

ipa-4-8:

aaf8fcc ipa-kdb: Remove keys if password auth is disabled

abbra commented 3 years ago

master:

83ec929 Add integration test for otp kerberos ticket policy.

abbra commented 3 years ago

ipa-4-8:

27a6920 Add integration test for otp kerberos ticket policy.

frenaud commented 3 years ago

master:

f35738e Add xmlrpc test with input validation check for kerberos ticket policy.

frenaud commented 3 years ago

ipa-4-8:

acbbc52 Add xmlrpc test with input validation check for kerberos ticket policy.

frenaud commented 2 years ago

master:

35e94be ipa-kdb: do not remove keys for hardened auth-enabled users
97d123c ipatests: add case for hardened-only ticket policy

frenaud commented 2 years ago

ipa-4-9:

6d70421 ipa-kdb: do not remove keys for hardened auth-enabled users
294ae35 ipatests: add case for hardened-only ticket policy

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

None

Milestone

None

affects_doc

None

source

None

knownissue

None

type

None

blockedby

None

test_case

None

component

None

blocking

None

on_review

None

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

None

tester

None

changelog

None

design

None

freeipa

Source Code

#8001 Need default authentication indicators for SPAKE, PKINIT and encrypted challenge preauth Closed: fixed 3 years ago by abbra. Opened 4 years ago by tengcm.

Metadata

#8001 Need default authentication indicators for SPAKE, PKINIT and encrypted challenge preauth

Closed: fixed 3 years ago by abbra. Opened 4 years ago by tengcm.