[Freeipa-devel] [freeipa PR#227][opened] cert-request: match names against principal alises
frasertweedale
freeipa-github-notification at redhat.com
Thu Nov 10 11:36:58 UTC 2016
URL: https://github.com/freeipa/freeipa/pull/227
Author: frasertweedale
Title: #227: cert-request: match names against principal alises
Action: opened
PR body:
"""
Currently we do not check Kerberos principal aliases when validating
a CSR. Enhance cert-request to accept the following scenarios:
- for hosts and services: CN and SAN dnsNames match a principal
alias (realm and service name must be same as nominated principal)
- for all principal types: UPN or KRB5PrincipalName othername match
any principal alias.
Fixes: https://fedorahosted.org/freeipa/ticket/6295
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/227/head:pr227
git checkout pr227
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pr-227.patch
Type: text/x-diff
Size: 13164 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20161110/833fb7c8/attachment.bin>
More information about the Freeipa-devel
mailing list