freeipa/daemons
Sumit Bose 0ce3ab36b4 ipa-kdb: do not fail if certmap rule cannot be added
Currently, if a certificate mapping and matching rule has a typo or is of
an unsupported type, the whole rule processing is aborted and the IPA
certmap plugin works without any rules, effectively disabling PKINIT for
users. Since each rule would only allow more certificates for PKINIT, it
would be more user/admin friendly to just ignore the failed rules with a
log message and continue with what is left or use the default rule if
nothing is left.

This change is done to add more flexibility to define new mapping and
matching templates which are e.g. needed to cover changes planned by
Microsoft as explained in
https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-10-07 17:02:43 +02:00
dnssec dnssec daemons: read the dns context config file for debug state 2022-06-02 11:17:57 +02:00
ipa-kdb ipa-kdb: do not fail if certmap rule cannot be added 2022-10-07 17:02:43 +02:00
ipa-otpd ipa-otpd: initialize local pointers and handle gcc 10 2022-08-29 17:34:20 +02:00
ipa-sam ipa-sam: retrieve trusted domain account credential from the TDO itself 2022-04-13 18:37:12 +02:00
ipa-slapi-plugins extdom: avoid sss_nss_getorigby*() calls when get*_r_wrapper() returns object from a wrong domain (performance optimization) 2022-10-04 14:01:56 +02:00
ipa-version.h.in Build: move version handling from Makefile to configure 2016-11-09 13:08:32 +01:00
Makefile.am build: Unify compiler warning flags used 2021-01-15 14:11:56 +01:00