[Freeipa-devel] [PATCH] 0001 Added new authentication method

Tibor Dudlak tdudlak at redhat.com
Tue Aug 16 13:16:27 UTC 2016


Hi,

I have edited this patch after review. It should be okay now.

Thank you.

On Thu, Aug 11, 2016 at 7:49 PM, Petr Vobornik <pvoborni at redhat.com> wrote:

> On 08/11/2016 07:21 PM, Martin Basti wrote:
> >
> >
> > On 11.08.2016 18:57, Pavel Vomacka wrote:
> >>
> >>
> >> On 08/11/2016 02:00 PM, Petr Vobornik wrote:
> >>> On 08/11/2016 10:54 AM, Alexander Bokovoy wrote:
> >>>> On Thu, 11 Aug 2016, Jan Cholasta wrote:
> >>>>> On 4.8.2016 17:27, Jan Pazdziora wrote:
> >>>>>> On Wed, Aug 03, 2016 at 10:29:52AM +0300, Alexander Bokovoy wrote:
> >>>>>>> Got it. One thing I would correct, though, -- don't use kadmin.local, we
> >>>>>>> do support setting ok_as_delegate on the service principals via IPA CLI:
> >>>>>>> $ ipa service-mod --help |grep -A1 ok-as-delegate
> >>>>>>> --ok-as-delegate=BOOL
> >>>>>>>                        Client credentials may be delegated to the service
> >>>>>> I've tried
> >>>>>>
> >>>>>>      ipa service-mod --ok-as-delegate=True HTTP/$(hostname)
> >>>>>>
> >>>>>> but that does not seem to have the same effect as
> >>>>>>
> >>>>>>      modprinc +ok_to_auth_as_delegate HTTP/ipa.example.test
> >>>>>>
> >>>>>> -- obtaining the delegated certificate fails.
> >>>>> That's because ok_as_delegate and ok_to_auth_as_delegate are different
> >>>>> flags.
> >>>> Right. The following patch adds ok_to_auth_as_delegate to the service
> >>>> principal.
> >>>>
> >>>> I haven't added any tickets to it yet.
> >>>>
> >>>>
> >>> This might also deserve a nice Web UI checkbox similar to "Trusted for
> >>> delegation". CCing Pavel.
> >>>
> >> Here is a patch with the new checkbox. It is without a ticket in the commit
> >> message, so once we have the ticket I will send another patch with an
> >> updated commit message.
> >
> > https://fedorahosted.org/freeipa/newticket
> >
> > ;-)
>
> It's a prerequisite for https://fedorahosted.org/freeipa/ticket/5764 so we
> might use that.
> >
> >>
> >>
> >>
> >
> >
> >
>
>
> --
> Petr Vobornik



-- 
Tibor Dudlák
Intern - Identity management Special Projects
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tdudlak-0001-2-Added-new-authentication-method.patch
Type: text/x-patch
Size: 2853 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160816/c383a44a/attachment.bin>