[Freeipa-devel] [PATCH 560] Allow to set allowed krb authz data type per user
Simo Sorce
simo at redhat.com
Tue Nov 24 23:09:30 UTC 2015
This patch is untested and mostly an RFC.
I think it is all we need to allow to specify authz data types per user
and by setting the attribute to NONE preventing a user from getting
MS-PAC data in their ticket.
Alexander you changed quite a bit the code around here so I'd like to
know if you think the change I made in the KDC will cause any issue with
the special PACs we generate for master's principals. As far as I can
tell it shouldn't.
Any opinion is welcome.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-simo-560-1-Allow-to-specify-Kerberos-authz-data-type-per-user.patch
Type: text/x-patch
Size: 3611 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151124/9658af11/attachment.bin>
More information about the Freeipa-devel
mailing list