#134 Add special "AD" mode to account for SPN Aliases
Closed: Deferred 4 years ago by simo. Opened 9 years ago by simo.

In AD, when you join a machine to the domain, you get by default a bunch of aliases attached to the host key.

We should create a special "AD" mode in GSS-Proxy to allow specific services to use the host key in "alias mode".

Key things to do: set a null name in the gss_accept_sec_context().
Still check that the requesting service is passing it an acceptable service name, and (if possible) check what name the remote client used and match it.

The options should be something like:
[apache]
euid = 48
alias = HTTP # {perhaps even HTTP/fqdn}

The keytab it should point to is the host key (which is the default if not specified explicitly).

When alias is specified it means we want to try to use a key named differently.
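
The name check described in this ticket, as an added example that is not part of the ticket and not gssproxy code: once the host key accepts any SPN alias, a ticket the client requested for another service on the same host (for example `host/...`) would also decrypt, so the name the client targeted has to be matched against the configured alias. The function name `alias_permits`, the alias semantics (`HTTP` allows any host part, `HTTP/fqdn` pins it), case-sensitive service matching and the sample principals are assumptions; the acceptor name is assumed to arrive in `service/host@REALM` display form without escaped characters.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical check for the proposed "alias" option (not gssproxy code).
 * princ: acceptor name the client targeted, "service/host@REALM".
 * alias: "SERVICE" or "SERVICE/fqdn". Returns 1 if allowed, else 0. */
int alias_permits(const char *alias, const char *princ)
{
    if (alias == NULL || princ == NULL || *alias == '\0')
        return 0;

    /* Service ends at the first '/'; host ends at the last '@'. */
    const char *slash = strchr(princ, '/');
    if (slash == NULL || slash == princ)
        return 0;                 /* no service/host split: reject */
    const char *host = slash + 1;
    const char *at = strrchr(host, '@');
    size_t svc_len = (size_t)(slash - princ);
    size_t host_len = at ? (size_t)(at - host) : strlen(host);
    if (host_len == 0 || memchr(host, '/', host_len) != NULL)
        return 0;                 /* empty host or extra components */

    /* Split the alias the same way; its host part is optional. */
    const char *a_slash = strchr(alias, '/');
    size_t a_svc_len = a_slash ? (size_t)(a_slash - alias) : strlen(alias);

    /* Assumption: service component compares exactly (case-sensitive). */
    if (a_svc_len != svc_len || memcmp(alias, princ, svc_len) != 0)
        return 0;
    if (a_slash == NULL)
        return 1;                 /* alias = HTTP: any host name on the key */

    /* alias = HTTP/fqdn: host must match; DNS names ignore case. */
    const char *a_host = a_slash + 1;
    return strlen(a_host) == host_len &&
           strncasecmp(a_host, host, host_len) == 0;
}

int main(void)
{
    /* Constructed sample names; EXAMPLE.COM is a placeholder realm. */
    const char *seen[] = { "HTTP/web1.example.com@EXAMPLE.COM",
                           "HTTP/web1@EXAMPLE.COM",
                           "host/web1.example.com@EXAMPLE.COM" };
    for (size_t i = 0; i < sizeof(seen) / sizeof(seen[0]); i++)
        printf("%-36s alias=HTTP -> %s\n", seen[i],
               alias_permits("HTTP", seen[i]) ? "accept" : "reject");
    return 0;
}
```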


Metadata Update from @simo:
- Issue assigned to simo
- Issue set to the milestone: 2016 January

7 years ago

Project has moved; please reopen here if still an issue:
https://github.com/gssapi/gssproxy/issues

Metadata Update from @simo:
- Issue close_status updated to: Deferred
- Issue priority set to: None (was: 2)
- Issue status updated to: Closed (was: Open)

4 years ago
