[Freeipa-devel] [PATCH] 0001 Added new authentication method
Pavel Vomacka
pvomacka at redhat.com
Thu Aug 11 16:57:17 UTC 2016
On 08/11/2016 02:00 PM, Petr Vobornik wrote:
> On 08/11/2016 10:54 AM, Alexander Bokovoy wrote:
>> On Thu, 11 Aug 2016, Jan Cholasta wrote:
>>> On 4.8.2016 17:27, Jan Pazdziora wrote:
>>>> On Wed, Aug 03, 2016 at 10:29:52AM +0300, Alexander Bokovoy wrote:
>>>>> Got it. One thing I would correct, though, -- don't use
>>>>> kadmin.local, we
>>>>> do support setting ok_as_delegate on the service principals via IPA
>>>>> CLI:
>>>>> $ ipa service-mod --help |grep -A1 ok-as-delegate
>>>>> --ok-as-delegate=BOOL
>>>>> Client credentials may be delegated to the
>>>>> service
>>>> I've tried
>>>>
>>>> ipa service-mod --ok-as-delegate=True HTTP/$(hostname)
>>>>
>>>> but that does not seem to have the same effect as
>>>>
>>>> modprinc +ok_to_auth_as_delegate HTTP/ipa.example.test
>>>>
>>>> -- obtaining the delegated certificated fails.
>>> That's because ok_as_delegate and ok_to_auth_as_delegate are different
>>> flags.
>> Right. The following patch adds ok_to_auth_as_delegate to the service
>> principal.
>>
>> I haven't added any tickets to it yet.
>>
>>
> This might deserve also nice Web UI checkbox similar to "Trusted for
> delegation". CCing Pavel.
>
Here is patch with new checkbox. It is without ticket in commit message
so once we will have the ticket I will send another patch witch updated
commit message.
--
Pavel^3 Vomacka
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pvomacka-0105-Add-trusted-to-auth-as-user-checkbox.patch
Type: text/x-patch
Size: 1091 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160811/0f683783/attachment.bin>
More information about the Freeipa-devel
mailing list