[Freeipa-devel] [PATCH] 0001 Added new authentication method

Jan Pazdziora jpazdziora at redhat.com
Thu Aug 4 15:27:55 UTC 2016


On Wed, Aug 03, 2016 at 10:29:52AM +0300, Alexander Bokovoy wrote:
>
> Got it. One thing I would correct, though, -- don't use kadmin.local, we
> do support setting ok_as_delegate on the service principals via IPA CLI:
> $ ipa service-mod --help |grep -A1 ok-as-delegate
>  --ok-as-delegate=BOOL
>                        Client credentials may be delegated to the service

I've tried

	ipa service-mod --ok-as-delegate=True HTTP/$(hostname)

but that does not seem to have the same effect as

	modprinc +ok_to_auth_as_delegate HTTP/ipa.example.test

-- obtaining the delegated certificate fails.

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat



