Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFE] Add support to request canonicalization on krb AS requests #1999

Closed
sssd-bot opened this issue May 2, 2020 · 0 comments
Closed

[RFE] Add support to request canonicalization on krb AS requests #1999

sssd-bot opened this issue May 2, 2020 · 0 comments
Labels
Bugzilla Closed: Fixed Issue was closed as fixed.

Comments

@sssd-bot
Copy link

sssd-bot commented May 2, 2020

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/957

We should add support to set the canonicalization option with krb5_get_init_creds_opt_set_canonicalize() when asking for a TGT.

We should do that both in get_and_save_tgt_with_keytab() and probably krb5_child_setup()

Comments

Comment from sgallagh at 2011-08-08 21:48:59

This should be made available as an option in sssd.conf, defaulting to enabled in the ipa provider. Due to compatibility issues with older servers, it needs to default to false in the krb5 provider.

component: SSSD => Kerberos Provider
milestone: NEEDS_TRIAGE => SSSD 1.7.0
owner: somebody => sgallagh
priority: major => blocker

Comment from jgalipea at 2011-10-06 15:47:07

Fields changed

summary: Add support to request canonicalization on krb AS requests => [RFE] Add support to request canonicalization on krb AS requests
type: defect => enhancement

Comment from jzeleny at 2011-10-19 09:12:19

Fields changed

owner: sgallagh => jzeleny
status: new => assigned

Comment from jzeleny at 2011-10-20 10:48:30

Fields changed

patch: 0 => 1

Comment from jzeleny at 2011-10-25 12:35:33

Simo, does this change need to be implemented in LDAP provider as well?

Comment from simo at 2011-10-31 20:14:58

Replying to [comment:5 jzeleny]:

Simo, does this change need to be implemented in LDAP provider as well?

For initialization of the credentials we have in the keytab ?
We might but it is not critical. We generally have the canonicalized name in the keytab anyway. But it wouldn't hurt.

Comment from sgallagh at 2011-11-02 19:14:57

Fixed by:
- 20c1873
- 7dfc761
- ed80a7f

resolution: => fixed
status: assigned => closed

Comment from sgallagh at 2012-01-30 22:05:36

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=785907

rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=785907 785907]

Comment from simo at 2017-02-24 14:26:40

Metadata Update from @Simo:

  • Issue assigned to jzeleny
  • Issue set to the milestone: SSSD 1.7.0
@sssd-bot sssd-bot added Bugzilla Closed: Fixed Issue was closed as fixed. labels May 2, 2020
@sssd-bot sssd-bot closed this as completed May 2, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bugzilla Closed: Fixed Issue was closed as fixed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sssd-bot