mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 15:40:01 -06:00
0ce3ab36b4
Currently if a certificate mapping and matching rule has a typo or is of an unsupported type the whole rule processing is aborted and the IPA certmap plugin works without any rules effectively disabling PKINIT for users. Since each rule would only allow more certificates for PKINIT it would be more user/admin friendly to just ignore the failed rules with a log message and continue with what is left or use the default rule if nothing is left. This change is done to add more flexibility to define new mapping and matching templates which are e.g. needed to cover changes planned by Microsoft as explained in https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> |
||
---|---|---|
.. | ||
dnssec | ||
ipa-kdb | ||
ipa-otpd | ||
ipa-sam | ||
ipa-slapi-plugins | ||
ipa-version.h.in | ||
Makefile.am |