IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Don't set delegation flag in client, we're using S4U2Proxy now

Browse Source 
A forwardable ticket is still required but we no longer need to send
the TGT to the IPA server. A new flag, --delegate, is available if
the old behavior is required.

Set the minimum n-v-r for mod_auth_kerb and krb5-server to pick up
needed patches for S4U2Proxy to work.

https://fedorahosted.org/freeipa/ticket/1098
https://fedorahosted.org/freeipa/ticket/2246
This commit is contained in:
Rob Crittenden
2012-02-15 17:06:54 +01:00
committed by Martin Kosek
parent 95b1848f19
commit 2da6d6e746
7 changed files with 33 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
install/share/bootstrap-template.ldif
View File

@@ -174,7 +174,7 @@ objectClass: groupOfPrincipals
objectClass: top
cn: ipa-http-delegation
memberPrincipal: HTTP/$HOST@$REALM
ipaAllowedTarget: cn=ipa-ldap-delegation-targets,cn=etc,$SUFFIX
ipaAllowedTarget: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX
dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX
changetype: add