mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-11 08:41:55 -06:00
23a49538f1
Helper utility to investigate PAC content of users in trusted environments.

Supports direct ticket acquisition and S4U2Self protocol transition.

1. Direct ticket acquisition

In direct ticket acquisition mode the utility first does one of the following actions:

- obtain a TGT ticket for a user principal using supplied password
- import existing TGT from a default credentials cache

Once a user TGT is available, the utility will attempt to acquire a service ticket to a service whose key is specified in a keytab (default or passed with --keytab option) and simulate establishing context to the service application.

If establishing context succeeds, MS-PAC content of the service ticket will be printed out.

2. S4U2Self protocol transition

In protocol transition case a service application obtains its own TGT using a key from the keytab and then requests a service ticket to itself in the name of the user principal, performing S4U2Self request.

If accepting this service ticket succeeds, MS-PAC content of the service ticket will be printed out.

If KDC does not support or rejects issuing MS-PAC record for a user, an error message 'KDC has no support for padata type' will be printed.

Related: https://pagure.io/freeipa/issue/8319

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-By: Isaac Boukris <iboukris@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
- dnssec
- ipa-kdb
- ipa-otpd
- ipa-sam
- ipa-slapi-plugins
- ipa-version.h.in
- Makefile.am