[Freeipa-devel] [freeipa PR#227][comment] cert-request: match names against principal aliases
martbab
freeipa-github-notification at redhat.com
Mon Nov 14 12:37:35 UTC 2016
URL: https://github.com/freeipa/freeipa/pull/227
Title: #227: cert-request: match names against principal aliases
martbab commented:
"""
@frasertweedale What is the intended semantics of the checks against principal aliases in SAN? If the requestor can use only the aliases belonging to the entry of the recieving principal, then it should be enough to retrieve the entry by searching for the 'krbprincipalname' from --principal option, retrieve it, and then checking whether all values of dnsName/KRB5PrincipalName are a subset of Kerberos principal aliases.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/227#issuecomment-260324521
More information about the Freeipa-devel
mailing list