Extend the list of supported pre-auth mechanisms in IPA server API

As new authentication indicators implemented, we also modified server API to support those new values. Also, "krbprincipalauthind" attribute is modified to use a pre-defined set of values instead of arbitrary strings. Resolves: https://pagure.io/freeipa/issue/8001 Signed-off-by: Changmin Teng <cteng@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com> Reviewed-By: Robbie Harwood <rharwood@redhat.com>
2025-02-25 18:55:28 -06:00 · 2019-07-29 11:00:35 -04:00
parent 9c0a35f1e7
commit d0570404ef
10 changed files with 55 additions and 31 deletions
--- a/ipaserver/plugins/config.py
+++ b/ipaserver/plugins/config.py
@@ -253,11 +253,13 @@ class config(LDAPObject):
            doc=_('Default types of PAC supported for services'),
            values=(u'MS-PAC', u'PAD', u'nfs:NONE'),
        ),
-        StrEnum('ipauserauthtype*',
+        StrEnum(
+            'ipauserauthtype*',
            cli_name='user_auth_type',
            label=_('Default user authentication types'),
            doc=_('Default types of supported user authentication'),
-            values=(u'password', u'radius', u'otp', u'disabled'),
+            values=(u'password', u'radius', u'otp',
+                    u'pkinit', u'hardened', u'disabled'),
        ),
        Str(
            'ipa_master_server*',