Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't delegate the TGT in ipa-join #4907

Closed
wants to merge 1 commit into from
Closed

Don't delegate the TGT in ipa-join #4907

wants to merge 1 commit into from

Conversation

rcritten
Copy link
Contributor

@rcritten rcritten commented Jul 9, 2020

Pre 3.0.0 IPA delegated the TGT to enforce access control in
389-ds. At the point that S4U2Proxy support was added there
were still IPA 2.0.x servers in use so this delegation was
left in place in ipa-join so that enrollment would work.

Those days are long gone, remove that support in the XML and
JSON RPC requests.

https://pagure.io/freeipa/issue/8405

Signed-off-by: Rob Crittenden rcritten@redhat.com

@rcritten
Don't delegate the TGT in ipa-join
0976bed 
Pre 3.0.0 IPA delegated the TGT to enforce access control in
389-ds. At the point that S4U2Proxy support was added there
were still IPA 2.0.x servers in use so this delegation was
left in place in ipa-join so that enrollment would work.

Those days are long gone, remove that support in the XML and
JSON RPC requests.

https://pagure.io/freeipa/issue/8405

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
@rcritten rcritten added the ipa-4-8 Mark for backport to ipa 4.8 label Jul 9, 2020
@flo-renaud flo-renaud self-assigned this Jul 16, 2020
@flo-renaud
Copy link
Contributor

Hi @rcritten
thanks for the patch, LGTM.

@flo-renaud flo-renaud added the ack Pull Request approved, can be merged label Jul 16, 2020
@rcritten rcritten added the pushed Pull Request has already been pushed label Jul 17, 2020
@rcritten
Copy link
Contributor Author

master:

  • 28caa22 Don't delegate the TGT in ipa-join

@rcritten rcritten closed this Jul 17, 2020
@rcritten rcritten removed the ipa-4-8 Mark for backport to ipa 4.8 label Jul 17, 2020
@rcritten
Copy link
Contributor Author

Removed ipa-4-8 label, the JSON change is going into ipa-next only. No backport needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@flo-renaud flo-renaud

Labels
ack Pull Request approved, can be merged pushed Pull Request has already been pushed
Projects
None yet
Milestone
No milestone
2 participants
@rcritten @flo-renaud