[Freeipa-devel] [PATCH] s4u2proxy support

Simo Sorce simo at redhat.com
Tue Dec 13 00:15:07 UTC 2011


On Mon, 2011-12-12 at 15:22 -0500, Rob Crittenden wrote:
> This patch adds support for s4u2proxy. This means that the Apache server
> will obtain the ldap service ticket on behalf of the user rather than
> the user having to send their TGT. The user's ticket still needs to be
> forwardable, we just don't require it to be forwarded any more.


Should we make the patch allow the old behavior by using a switch that
reverts to forwarding the TGT?

It would be useful during upgrades if some of your servers still need
forwarded TGTs, or if you want to use a newer client against an old
server while you have the newer stuff under test.
(And to test in general).

Simo.
-- 
Simo Sorce * Red Hat, Inc * New York



