IPA certauth plugin #575

Closed
wants to merge 2 commits into from

@sumit-bose sumit-bose commented Mar 13, 2017

This patch adds a certauth plugin which allows the IPA server to support
PKINIT for certificates which do not include a special SAN extension which
contains a Kerberos principal but allow other mappings with the help of
SSSD's certmap library.

Related to https://pagure.io/freeipa/issue/4905

@sumit-bose

This patch depends on SSSD/sssd#192 (SSSD's certmap library) and krb5/krb5#610 (MIT Kerberos certauth plugin support)

@sumit-bose

I updated the code to reflect the latest changes in the interface from krb5/krb5#610.

@ghost ghost self-assigned this Mar 15, 2017

abbra commented Mar 23, 2017

The code LGTM. Once updated SSSD is added to freeipa-master copr, let's see what CI says.

Authentication indicators' handling would need to be added in a separate PR once certmap rules would provide the indicator value.

@sumit-bose sumit-bose force-pushed the certauth branch 2 times, most recently from 486a473 to 4518c60 Compare March 27, 2017 06:39
@sumit-bose sumit-bose closed this Mar 27, 2017
@sumit-bose sumit-bose reopened this Mar 27, 2017

ghost commented Mar 27, 2017

I've tested the patches and it worked as expected. Once CI successfully finishes I'll ACK it.

@ghost ghost added the ack Pull Request approved, can be merged label Mar 27, 2017

ghost commented Mar 27, 2017

master:

  • da880de ipa-kdb: add ipadb_fetch_principals_with_extra_filter()
  • c415604 IPA certauth plugin

ipa-4-5:

  • cfaaf4e ipa-kdb: add ipadb_fetch_principals_with_extra_filter()
  • 5a1ce1f IPA certauth plugin

@ghost ghost added the pushed Pull Request has already been pushed label Mar 27, 2017
@ghost ghost closed this Mar 27, 2017
This pull request was closed.