2 Commits

Author	SHA1	Message	Date
Changmin Teng	15ff9c8fec	Implement user pre-authentication control with kdcpolicy plugin ... We created a Kerberos kdcpolicy plugin to enforce user pre-authentication policy for newly added pkinit and hardened policy. In the past version of freeIPA, password enforcement exists but was done by removing key data for a principal while parsing LDAP entry for it. This hack is also removed and is now also enforced by kdcpolicy plugin instead. Resolves: https://pagure.io/freeipa/issue/8001 Signed-off-by: Changmin Teng <cteng@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com> Reviewed-By: Robbie Harwood <rharwood@redhat.com>	2019-09-10 12:33:21 +03:00
Robbie Harwood	179c8f4009	Add a skeleton kdcpolicy plugin ... Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com> Reviewed-By: Robbie Harwood <rharwood@redhat.com>	2019-09-10 12:33:21 +03:00