[Freeipa-devel] [freeipa PR#734][opened] kerberos session: use CA cert with full cert chain for obtaining cookie
pvoborni
freeipa-github-notification at redhat.com
Wed Apr 26 07:38:12 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/734
Author: pvoborni
Title: #734: kerberos session: use CA cert with full cert chain for obtaining cookie
Action: opened
PR body:
"""
Http request performed in finalize_kerberos_acquisition doesn't use
CA certificate/certificate store with full certificate chain of IPA server.
So it might happen that in case that IPA is installed with externally signed
CA certificate, the call can fail because of certificate validation
and e.g. prevent session acquisition.
If it will fail for sure is not known - the use case was not discovered,
but it is faster and safer to fix preemptively.
https://pagure.io/freeipa/issue/6876
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/734/head:pr734
git checkout pr734
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pr-734.patch
Type: text/x-diff
Size: 1549 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20170426/a9959d30/attachment.bin>
More information about the Freeipa-devel
mailing list