[Freeipa-devel] [freeipa PR#746][opened] KDC proxy URI records
MartinBasti
freeipa-github-notification at redhat.com
Thu Apr 27 16:11:57 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/746
Author: MartinBasti
Title: #746: KDC proxy URI records
Action: opened
PR body:
"""
Automatic creation of KDC proxy URI records
Enables creation of the following KDC proxy URL records for each replica:
_kerberos.example.com. IN URI <prio> <weight> "krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy"
_kpasswd.example.com. IN URI <prio> <weight> "krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy"
Records are created for each replica in the topology, as KDC proxy is enabled
by default. (If KDC proxy is manually disabled, this record will be
created anyway.)
URI records for kadmin discovery are not created because FreeIPA doesn't
support kadmin.
See: https://k5wiki.kerberos.org/wiki/Projects/KDC_Discovery
https://pagure.io/freeipa/issue/6337
### TODO
[ ] Add URI records for 88/UDP, 88/TCP with higher priority to keep clients asking the KDC directly first
[ ] Add URI records for HTTPS only when KDC proxy is enabled on the server (requires updating server roles with the role attribute KDC proxy)
[ ] Fix https://pagure.io/freeipa/issue/6906 to allow enrolling FreeIPA clients using HTTPS KDC proxy
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/746/head:pr746
git checkout pr746
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pr-746.patch
Type: text/x-diff
Size: 10568 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20170427/1d450d41/attachment.bin>
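
Added example, not part of the original message or of the FreeIPA patch: a Python check that parses the `krb5srv` URI records described in the PR body, rejects KDC proxy targets that are not HTTPS, and tests the ordering the first TODO item asks for. The `tcp`/`udp` target form follows the KDC discovery design linked in the message; the priorities, weights and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

TRANSPORTS = {"udp", "tcp", "kkdcp"}  # transports from the KDC discovery design

# Constructed sample zone data; priorities and weights are made-up values.
SAMPLE_ZONE = """\
_kerberos.example.com. IN URI 0 100 "krb5srv:M:tcp:ipaserver.example.com"
_kerberos.example.com. IN URI 0 100 "krb5srv:M:udp:ipaserver.example.com"
_kerberos.example.com. IN URI 10 100 "krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy"
"""

def parse_uri_record(line):
    """Parse one zone-file URI record; raise ValueError if it is malformed."""
    owner, rclass, rtype, prio, weight, target = line.split(None, 5)
    if (rclass.upper(), rtype.upper()) != ("IN", "URI"):
        raise ValueError("not an IN URI record: %r" % line)
    # Target layout: krb5srv:<flags>:<transport>:<residual>
    scheme, flags, transport, residual = target.strip().strip('"').split(":", 3)
    transport = transport.lower()
    if scheme != "krb5srv" or transport not in TRANSPORTS:
        raise ValueError("not a usable krb5srv target: %r" % target)
    if transport == "kkdcp":
        url = urlsplit(residual)
        # KKDCP is carried over HTTPS; reject plain http or host-less targets.
        if url.scheme != "https" or not url.hostname:
            raise ValueError("kkdcp target must be an https URL: %r" % residual)
    # The page writes the flag as "M"; either case is accepted here (assumption).
    return {"owner": owner.rstrip(".").lower(), "priority": int(prio),
            "weight": int(weight), "master": "m" in flags.lower(),
            "transport": transport, "residual": residual}

def parse_zone(text):
    """Parse every non-empty line of a zone snippet."""
    return [parse_uri_record(l) for l in text.splitlines() if l.strip()]

def direct_kdc_first(records):
    """True if every udp/tcp record is tried before any kkdcp record.

    URI records follow SRV ordering: the lowest priority number is tried first.
    """
    direct = [r["priority"] for r in records if r["transport"] != "kkdcp"]
    proxy = [r["priority"] for r in records if r["transport"] == "kkdcp"]
    if not direct:
        return False  # only proxy records are published
    return not proxy or max(direct) < min(proxy)

if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE)
    for r in sorted(recs, key=lambda r: r["priority"]):
        print(r["priority"], r["transport"], r["residual"])
    print("direct KDC first:", direct_kdc_first(recs))
```

With only the two kkdcp records the PR body lists, `direct_kdc_first` returns False, which is the gap the first TODO item describes.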