[Freeipa-devel] [PATCH] 299 request certs for other hosts
Jason Gerard DeRose
jderose at redhat.com
Wed Oct 21 10:50:53 UTC 2009
On Tue, 2009-10-20 at 12:02 -0400, Rob Crittenden wrote:
> First pass at enforcing certificates be requested from same host
>
> We want to only allow a machine to request a certificate for itself, not
> for other machines. I've added a new taskgroup which will allow this.
>
> The requesting IP is resolved and compared to the subject of the CSR to
> determine if they are the same host. The same is done with the service
> principal. Subject alt names are not queried yet.
>
> This does not yet grant machines actual permission to request
> certificates; that is still limited to the taskgroup request_certs.
>
> This also fixes some minor typos I discovered.
>
> rob
ack. pushed to master.
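
The same-host check described in the quoted message, as an added example (not the code from this patch or from FreeIPA). The function names, the simple DN string parsing and the stub resolver are assumptions; subject alt names are left unchecked, as in the message.

```python
import socket

def normalize_host(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def subject_cn(subject_dn):
    """CN from a simple 'CN=host,O=REALM' string (no escaped commas handled)."""
    for rdn in subject_dn.split(","):
        key, _, value = rdn.strip().partition("=")
        if key.strip().upper() == "CN" and value.strip():
            return value.strip()
    raise ValueError("subject has no CN")

def principal_host(principal):
    """Host part of a 'service/host@REALM' principal."""
    service, sep, host = principal.split("@", 1)[0].partition("/")
    if not (service and sep and host):
        raise ValueError("not a service principal")
    return host

def requester_names(ip, reverse=socket.gethostbyaddr):
    """All names the requesting IP resolves to (primary name plus aliases)."""
    primary, aliases, _addrs = reverse(ip)
    return {normalize_host(n) for n in [primary, *aliases]}

def same_host_request(ip, subject_dn, principal, reverse=socket.gethostbyaddr):
    """True only if the CSR subject CN and the principal host both name the requester."""
    try:
        names = requester_names(ip, reverse)
        cn = normalize_host(subject_cn(subject_dn))
        host = normalize_host(principal_host(principal))
    except (OSError, ValueError):
        return False  # fail closed on lookup or parse errors
    return cn in names and host in names

# Constructed sample data: a stub reverse resolver standing in for DNS.
_PTR = {"192.0.2.10": ("web1.example.com.", [], ["192.0.2.10"])}

def stub_reverse(ip):
    if ip not in _PTR:
        raise socket.herror(1, "Unknown host")
    return _PTR[ip]

if __name__ == "__main__":
    print(same_host_request("192.0.2.10", "CN=web1.example.com,O=EXAMPLE.COM",
                            "HTTP/web1.example.com@EXAMPLE.COM", stub_reverse))
```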