RFE Outgoing connections using sasl gssapi auth mechanism use a hardcoded principal

[389-ds-bot]

Cloned from Pagure issue: https://pagure.io/389-ds-base/issue/50018

• Created at 2018-11-08 12:49:21 by tbordaz (@tbordaz)
• Assigned to nobody
• Associated bugzillas
  • https://bugzilla.redhat.com/show_bug.cgi?id=1859297

---

Issue Description

During gssapi authentication, the principal is hardcoded ldap/@ that is limited. An improvement is to retrieve the principal from the keytab.

It should select the appropriate principal from the keytab.

For privilege separation access to the keytab via gssproxy would be better

Package Version and Platform

RFE

Steps to reproduce

No bug. deploy ipa replica/server will setup a test env

Actual results

NA

Expected results

Authentication with different principal than ldap/@

[389-ds-bot]

Comment from mreynolds (@mreynolds389) at 2018-11-15 17:58:48

Metadata Update from @mreynolds389:

• Custom field component adjusted to None
• Custom field origin adjusted to None
• Custom field reviewstatus adjusted to None
• Custom field type adjusted to None
• Custom field version adjusted to None
• Issue set to the milestone: 1.4.1

[389-ds-bot]

Comment from mreynolds (@mreynolds389) at 2020-02-26 16:58:58

Metadata Update from @mreynolds389:

• Issue priority set to: normal
• Issue set to the milestone: 1.4.4 (was: 1.4.1)
• Issue tagged with: RFE

[389-ds-bot]

Comment from tbordaz (@tbordaz) at 2020-04-22 16:43:58

#658

[389-ds-bot]

Comment from mreynolds (@mreynolds389) at 2020-07-21 18:13:30

Metadata Update from @mreynolds389:

• Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1859297

[389-ds-bot]

Comment from mreynolds (@mreynolds389) at 2020-07-21 18:13:30

Issue linked to Bugzilla: Bug 1859297