[Freeipa-devel] [PATCH] 0001 Added new authentication method

Pavel Vomacka pvomacka at redhat.com
Wed Aug 17 12:42:53 UTC 2016



On 08/11/2016 07:49 PM, Petr Vobornik wrote:
> On 08/11/2016 07:21 PM, Martin Basti wrote:
>>
>> On 11.08.2016 18:57, Pavel Vomacka wrote:
>>>
>>> On 08/11/2016 02:00 PM, Petr Vobornik wrote:
>>>> On 08/11/2016 10:54 AM, Alexander Bokovoy wrote:
>>>>> On Thu, 11 Aug 2016, Jan Cholasta wrote:
>>>>>> On 4.8.2016 17:27, Jan Pazdziora wrote:
>>>>>>> On Wed, Aug 03, 2016 at 10:29:52AM +0300, Alexander Bokovoy wrote:
>>>>>>>> Got it. One thing I would correct, though, -- don't use kadmin.local,
>>>>>>>> we do support setting ok_as_delegate on the service principals via
>>>>>>>> IPA CLI:
>>>>>>>> $ ipa service-mod --help |grep -A1 ok-as-delegate
>>>>>>>> --ok-as-delegate=BOOL
>>>>>>>>                         Client credentials may be delegated to the service
>>>>>>> I've tried
>>>>>>>
>>>>>>>       ipa service-mod --ok-as-delegate=True HTTP/$(hostname)
>>>>>>>
>>>>>>> but that does not seem to have the same effect as
>>>>>>>
>>>>>>>       modprinc +ok_to_auth_as_delegate HTTP/ipa.example.test
>>>>>>>
>>>>>>> -- obtaining the delegated certificate fails.
>>>>>> That's because ok_as_delegate and ok_to_auth_as_delegate are different
>>>>>> flags.
>>>>> Right. The following patch adds ok_to_auth_as_delegate to the service
>>>>> principal.
>>>>>
>>>>> I haven't added any tickets to it yet.
>>>>>
>>>>>
>>>> This might also deserve a nice Web UI checkbox similar to "Trusted for
>>>> delegation". CCing Pavel.
>>>>
>>> Here is the patch with the new checkbox. It is without a ticket in the commit
>>> message, so once we have the ticket I will send another patch with an updated
>>> commit message.
>> https://fedorahosted.org/freeipa/newticket
>>
>> ;-)
> It's a prerequisite for https://fedorahosted.org/freeipa/ticket/5764 so we
> might use that.
Thank you, patch with updated commit message attached.

-- 
Pavel^3 Vomacka

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pvomacka-0105-2-Add-trusted-to-auth-as-user-checkbox.patch
Type: text/x-patch
Size: 1154 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160817/a7341a00/attachment.bin>

