#9632 Unconditionally add MS-PAC to global config
Closed: fixed 6 months ago by rcritten. Opened 6 months ago by jrische.

To enable PAC generation, the "MS-PAC" value has to be set for "ipaKrbAuthzData" in "cn=ipaConfig,cn=etc,$SUFFIX".

However, the LDIF file is using the "addifnew" instruction, which is skipped in case the attribute already exists. This is not the behaviour we want. "MS-PAC" should be added unconditionally, especially now on RHEL 8 where the PAC is required by the Bronze-Bit attack detection mechanism. Not supporting the PAC breaks the IPA API on this RHEL version.


Metadata Update from @jrische:
- Custom field rhbz adjusted to https://issues.redhat.com/browse/RHEL-49437

6 months ago

master:

  • 0c79ecb Unconditionally add MS-PAC to global config on update

ipa-4-12:

  • d1a485a Unconditionally add MS-PAC to global config on update
  • 9f88188 Remove RC4 and 3DES default encryption types on update

ipa-4-11:

  • 96e1c97 Unconditionally add MS-PAC to global config on update
  • e51db4a Remove RC4 and 3DES default encryption types on update

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

6 months ago

ipa-4-10:

  • 2925336 Unconditionally add MS-PAC to global config on update
  • 5313dae Remove RC4 and 3DES default encryption types on update

ipa-4-9:

  • 4ef0d6c Unconditionally add MS-PAC to global config on update
  • 4d682a2 Remove RC4 and 3DES default encryption types on update

master:

  • b07f1d9 ipatests: Check Default PAC type is added to config

ipa-4-12:

  • ad4b7f6 ipatests: Check Default PAC type is added to config

ipa-4-11:

  • d22bdac ipatests: Check Default PAC type is added to config

ipa-4-10:

  • bdc35a0 ipatests: Check Default PAC type is added to config

ipa-4-9:

  • 7ef9411 ipatests: Check Default PAC type is added to config

Log in to comment on this ticket.

Metadata