[Freeipa-devel] [PATCH] s4u2proxy support
Rob Crittenden
rcritten at redhat.com
Wed Dec 14 19:18:17 UTC 2011
Dmitri Pal wrote:
> On 12/12/2011 07:15 PM, Simo Sorce wrote:
>> On Mon, 2011-12-12 at 15:22 -0500, Rob Crittenden wrote:
>>> This patch adds support for s4u2proxy. This means that the Apache
>>> server
>>> will obtain the ldap service ticket on behalf of the user rather than
>>> the using having to send their TGT. The user's ticket still needs to
>>> be
>>> forwardable, we just don't require it to be forwarded any more.
>>
>> Should we make the patch allow the old behavior by using a switch that
>> revert to forwarding the TGT ?
>>
>> It would be useful during upgrades if some of your servers still need
>> forwarded TGTs, or if you want to use a newer client against an old
>> server while you have the newer stuff under test.
>> (And to test in general).
>>
>> Simo.
> +1
>
Updated patch attached.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-914-1-nodelegation.patch
Type: text/x-patch
Size: 6035 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20111214/2661f9ce/attachment.bin>
More information about the Freeipa-devel
mailing list